|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Colin Watson (cjwatson
debian.org)Date: Tue Jan 15 2002 - 23:47:31 CST
On Wed, Jan 16, 2002 at 05:18:41AM +0000, bugzillaredhat.com wrote:
> Synopsis: New groff packages available to fix security problems
> Advisory ID: RHSA-2002:004-06
> Issue date: 2002-01-07
> Updated on: 2002-01-14
> Product: Red Hat Linux
> Keywords: groff security
[...]
> Groff is a document formatting system. The groff preprocessor contains an
> exploitable buffer overflow. If groff can be invoked within the LPRng
> printing system, an attacker can gain rights as the "lp" user.
This problem does not affect the stable release of Debian, as the
version of groff in Debian 2.2 did not contain the grn preprocessor to
which this advisory applies. Thus I don't believe we'll be issuing an
official advisory.
The bug did affect both the testing and unstable distributions of
Debian, and is fixed in groff 1.17.2-15 in unstable. This package will
propagate into testing in a few days, once binary packages for
architectures other than i386 have been prepared.
Regards,
-- Colin Watson, Debian groff maintainer [cjwatson
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org
iD8DBQE8RRPz9t0zAhD6TNERAoxnAJ9AYtuLLgnJ60HM83J1ZFEF6hB8hwCfSYSw QL7Yx9c+p53zc4haNwY+40Y= =ZBlh -----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]