Remote Linux Groff Exploitation Via LPD Vulnerability

Solution:
Zenith Parsec supplied an unofficial source code patch.

NetBSD has released an advisory. Users are advised to upgrade the pic(1) binary.

Users of NetBSD-current are advised to upgrade to NetBSD-current dated 2002-09-28 or later. Users of NetBSD 1.6 are advised to upgrade from NetBSD 1.6 sources dated 2002-10-03 or later. Users of NetBSD 1.5 through 1.5.3 from NetBSD 1.5.* sources dated 2002-09-28 or later. Further details are available in the referenced advisory.

Upgrades are available for users of Gentoo Linux. They may be applied by issuing the following commands:

emerge rsync
emerge groff
emerge clean

Updated packages that rectify this issue are available:


jgroff jgroff 1.15

GNU groff 1.15

GNU groff 1.16


 

Privacy Statement
Copyright 2010, SecurityFocus