ports/80671: japanese/groff: Fix insecure temporary file creation vulnerabilities.
KOMATSU Shinichiro
koma2 at lovepeers.org
Thu May 5 18:40:03 UTC 2005
>Number: 80671
>Category: ports
>Synopsis: japanese/groff: Fix insecure temporary file creation vulnerabilities.
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu May 05 18:40:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: KOMATSU Shinichiro
>Release: FreeBSD 5.3-RELEASE-p5 amd64
>Organization:
>Environment:
FreeBSD 5.3-RELEASE-p5 amd64
>Description:
Update japanese/groff to Debian version 1.18.1.1_7.
This version contains the following vulnerability fixes:
- groffer uses temp files unsafely (CAN-2004-0969)
- pic2graph and eqn2graph are vulnerable to symlink attack
through temporary file (CAN-2004-1296)
>How-To-Repeat:
>Fix:
Index: japanese/groff/Makefile
===================================================================
RCS file: /home/ncvs/ports/japanese/groff/Makefile,v
retrieving revision 1.49
diff -u -r1.49 Makefile
--- japanese/groff/Makefile 14 May 2004 00:33:43 -0000 1.49
+++ japanese/groff/Makefile 5 May 2005 11:56:05 -0000
@@ -7,7 +7,8 @@
PORTNAME= groff
PORTVERSION= 1.18.1
-PORTREVISION= 7
+DISTVERSIONSUFFIX= .1
+PORTREVISION= 8
CATEGORIES= japanese print
MASTER_SITES= ${MASTER_SITE_LOCAL:S,%SUBDIR%,okazaki/&,} \
${MASTER_SITE_DEBIAN:S,$,:debian,}
@@ -16,7 +17,7 @@
PATCH_SITES= ${MASTER_SITE_DEBIAN}
PATCH_SITE_SUBDIR= pool/main/g/groff
-PATCHFILES= ${DISTNAME:S,-,_,}-15.diff.gz
+PATCHFILES= ${DISTNAME:S,-,_,}-7.diff.gz
PATCH_DIST_STRIP= -p1
MAINTAINER= okazaki at FreeBSD.org
Index: japanese/groff/distinfo
===================================================================
RCS file: /home/ncvs/ports/japanese/groff/distinfo,v
retrieving revision 1.18
diff -u -r1.18 distinfo
--- japanese/groff/distinfo 11 Mar 2004 05:31:52 -0000 1.18
+++ japanese/groff/distinfo 5 May 2005 11:24:10 -0000
@@ -1,6 +1,6 @@
-MD5 (groff_1.18.1.orig.tar.gz) = 4c7a1b478d230696f14743772f31639f
-SIZE (groff_1.18.1.orig.tar.gz) = 2250463
+MD5 (groff_1.18.1.1.orig.tar.gz) = 511dbd64b67548c99805f1521f82cc5e
+SIZE (groff_1.18.1.1.orig.tar.gz) = 2260623
MD5 (tmac-20030521_2.tar.gz) = 09e930a9690593b5de7118ae43962074
SIZE (tmac-20030521_2.tar.gz) = 136303
-MD5 (groff_1.18.1-15.diff.gz) = bb318ec68be02c8b0d8a834f9f296195
-SIZE (groff_1.18.1-15.diff.gz) = 117862
+MD5 (groff_1.18.1.1-7.diff.gz) = 363c4419e76af510948ba6472d0bd75c
+SIZE (groff_1.18.1.1-7.diff.gz) = 126964
Index: security/vuxml/vuln.xml
===================================================================
RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.652
diff -u -r1.652 vuln.xml
--- security/vuxml/vuln.xml 3 May 2005 10:14:18 -0000 1.652
+++ security/vuxml/vuln.xml 5 May 2005 18:18:55 -0000
@@ -32,6 +32,59 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="01bb84e2-bd88-11d9-a281-02e018374e71">
+ <topic>groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary file</topic>
+ <affects>
+ <package>
+ <name>ja-groff</name>
+ <range><lt>1.18.1_8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The eqn2graph and pic2graph scripts in groff 1.18.1
+ allow local users to overwrite arbitrary files via
+ a symlink attack on temporary files.</p>
+ </body>
+ </description>
+ <references>
+ <bid>12058</bid>
+ <cvename>CAN-2004-1296</cvename>
+ <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371</url>
+ <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372</url>
+ </references>
+ <dates>
+ <discovery>2004-12-20</discovery>
+ <entry>2005-05-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="169f422f-bd88-11d9-a281-02e018374e71">
+ <topic>groff -- groffer uses temp files unsafely</topic>
+ <affects>
+ <package>
+ <name>ja-groff</name>
+ <range><lt>1.18.1_8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The groffer script in the Groff package 1.18 and later versions
+ allows local users to overwrite files via a symlink attack
+ on temporary files.</p>
+ </body>
+ </description>
+ <references>
+ <bid>11287</bid>
+ <cvename>CAN-2004-0969</cvename>
+ <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278265</url>
+ </references>
+ <dates>
+ <discovery>2004-09-30</discovery>
+ <entry>2005-05-06</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5f003a08-ba3c-11d9-837d-000e0c2e438a">
<topic>sharutils -- unshar insecure temporary file creation</topic>
<affects>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list