Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: GLSA 200411-15 Normal: OpenSSL Groff Symlink Threat

gentoo
Calendar Grey November 8, 2004
Dist Gentoo Esm H88
CVE-2023-xyz: Critical OpenSSL and Groff security notice in Gentoo. Users must update to ensure system integrity.
groffer, included in the Groff package, and the der_chop script, included in the OpenSSL package, are both vulnerable to symlink attacks, potentially allowing a local user to overw...

Summary

Gentoo Linux Security Advisory GLSA 200411-15 https://security.gentoo.org/ Severity: Normal Title: OpenSSL, Groff: Insecure tempfile handling Date: November 08, 2004 Bugs: #68404, #68407 ID: 200411-15

Synopsis ======= groffer, included in the Groff package, and the der_chop script, included in the OpenSSL package, are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
Background ========= OpenSSL is a toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols as well as a general-purpose cryptography library. It includes the der_chop script, which is used to convert DER-encoded certificates to PEM format. Groff (GNU Troff) is a typesetting package which reads plain text mixed with formatting commands and produces formatted output. It includes groffer, a command used ...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo symlink attack openssl groff normal severity insecure tempfile handling

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo symlink attack openssl groff normal severity insecure tempfile handling

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Related News

Your message here