Zenith Parse found a security problem in groff (the GNU version of troff). The pic command was vulnerable to a printf format attack which made it possible to circumvent the `-S' option and execute arbitrary code. This has been fixed in version 1.15.2-2, and we recommend that you upgrade your groff packages immediately.
groff
(the GNU version of
troff
). The pic command was vulnerable to a printf format attack
which made it possible to circumvent the `-S' option and execute
arbitrary code.
This has been fixed in version 1.15.2-2, and we recommend that you upgrade
your groff
packages immediately.
MD5 checksums of the listed files are available in the original advisory.