Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2009-5080

Published: 30 June 2011

The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.

Notes

AuthorNote
jdstrand 
Debian CVE tracker lists this as fixed in 1.20.1-5, but it is not
mdeslaur 
The CVE description looks wrong, it looks like this CVE was
actually fixed in 1.22.4.

Priority

Low

Status

Package Release Status
groff
Launchpad, Ubuntu, Debian 		artful Ignored
(end of life)
bionic Needed

cosmic Ignored
(end of life)
disco Ignored
(end of life)
eoan Ignored
(end of life)
focal Not vulnerable
(1.22.4-4build1)
groovy Ignored
(end of life)
hardy Ignored
(end of life)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Not vulnerable
(1.22.4-8build1)
kinetic Not vulnerable
(1.22.4-8build1)
lucid Ignored
(end of life)
lunar Not vulnerable
(1.22.4-9)
mantic Not vulnerable
(1.22.4-9)
maverick Ignored
(end of life)
natty Ignored
(end of life)
oneiric Ignored
(end of life)
precise Ignored
(end of life)
quantal Ignored
(end of life)
raring Ignored
(end of life)
saucy Ignored
(end of life)
trusty Needed

upstream Needs triage

utopic Ignored
(end of life)
vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Needed

yakkety Ignored
(end of life)
zesty Ignored
(end of life)
Patches:
upstream: http://git.savannah.gnu.org/cgit/groff.git/commit/?id=b1cd3b77a48f56c319b8642234f39b21e260e0c3
upstream: http://git.savannah.gnu.org/cgit/groff.git/commit/?id=c100633a9f6be3d65c2566eea894109026f8ae64
upstream: http://git.savannah.gnu.org/cgit/groff.git/commit/?id=fad8dfc74dfba5ede0a9728942a75894cfa8850d
upstream: http://git.savannah.gnu.org/cgit/groff.git/commit/?id=40b1fd9c694cdfe2a6d9545a669f0a62ea71430b

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading