![[LWN Logo]](/images/lcorner.png)
![[LWN.net]](/images/Included.png)
|
|
|
|
From: Colin Watson <cjwatson@debian.org> To: bugtraq@securityfocus.com Subject: Re: [RHSA-2002:004-06] New groff packages available to fix security problems Date: Wed, 16 Jan 2002 05:47:31 +0000 On Wed, Jan 16, 2002 at 05:18:41AM +0000, bugzilla@redhat.com wrote: > Synopsis: New groff packages available to fix security problems > Advisory ID: RHSA-2002:004-06 > Issue date: 2002-01-07 > Updated on: 2002-01-14 > Product: Red Hat Linux > Keywords: groff security [...] > Groff is a document formatting system. The groff preprocessor contains an > exploitable buffer overflow. If groff can be invoked within the LPRng > printing system, an attacker can gain rights as the "lp" user. This problem does not affect the stable release of Debian, as the version of groff in Debian 2.2 did not contain the grn preprocessor to which this advisory applies. Thus I don't believe we'll be issuing an official advisory. The bug did affect both the testing and unstable distributions of Debian, and is fixed in groff 1.17.2-15 in unstable. This package will propagate into testing in a few days, once binary packages for architectures other than i386 have been prepared. Regards, -- Colin Watson, Debian groff maintainer [cjwatson@flatline.org.uk]