Debian Security Advisory
DSA-107-1 jgroff -- format print vulnerability
- Date Reported:
- 30 Jan 2002
- Affected Packages:
- jgroff
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
-
Basically, this is the same Security Advisory as DSA 072-1, but for
jgroff instead of groff. The package jgroff contains a version
derived from groff that has Japanese character sets enabled. This
package is available only in the stable release of Debian, patches for
Japanese support have been merged into the main groff package.
The old advisory said:
Zenith Parse found a security problem in groff (the GNU version of troff). The pic command was vulnerable to a printf format attack which made it possible to circumvent the `-S' option and execute arbitrary code.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/jgroff_1.15+ja-3.4.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/jgroff_1.15+ja-3.4.dsc
- http://security.debian.org/dists/stable/updates/main/source/jgroff_1.15+ja.orig.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/jgroff_1.15+ja-3.4.dsc
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/jgroff_1.15+ja-3.4_alpha.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/jgroff_1.15+ja-3.4_arm.deb
- Intel ia32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/jgroff_1.15+ja-3.4_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/jgroff_1.15+ja-3.4_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/jgroff_1.15+ja-3.4_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/jgroff_1.15+ja-3.4_sparc.deb
MD5 checksums of the listed files are available in the original advisory.