Linux Security

    Debian: 'jgroff' Format string overflow

    Date 30 Jan 2002
    Posted By LinuxSecurity Advisories
    The pic command was vulnerable to a printf format attack which made it possible to circumvent the `-S' option and execute arbitrary code.
    Debian Security Advisory DSA 107-1                     Martin Schulze
    January 30th, 2002
    Package        : jgroff
    Vulnerability  : format print
    Problem-Type   : local
    Debian-specific: no
    Basically, this is the same Security Advisory as DSA 072-1, but for
    jgroff instead of groff.  The package jgroff contains a version
    derived from groff that has Japanese character sets enabled.  This
    package is available only in the stable release of Debian; patches for
    Japanese support have been merged into the main groff package.
    The old advisory said:
    Zenith Parse found a security problem in groff (the GNU version of
    troff).  The pic command was vulnerable to a printf format attack
    which made it possible to circumvent the `-S' option and execute
    arbitrary code.
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 2.2 alias potato
      Files are provided as source archives and for the Alpha, ARM, Intel ia32,
      Motorola 680x0, PowerPC and Sun Sparc architectures.
      These files will probably be moved into the stable distribution on
      its next revision.
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and

