Remote Linux Groff Exploitation Via LPD Vulnerability

Zenith Parsec supplied an unofficial source code patch.

NetBSD has released an advisory. Users are advised to upgrade the pic(1) binary.

Users of NetBSD-current are advised to upgrade to NetBSD-current dated 2002-09-28 or later. Users of NetBSD 1.6 are advised to upgrade from NetBSD 1.6 sources dated 2002-10-03 or later. Users of NetBSD 1.5 through 1.5.3 from NetBSD 1.5.* sources dated 2002-09-28 or later. Further details are available in the referenced advisory.

Upgrades are available for users of Gentoo Linux. They may be applied by issuing the following commands:

emerge rsync
emerge groff
emerge clean

Updated packages that rectify this issue are available:

jgroff jgroff 1.15

GNU groff 1.15

GNU groff 1.16


Privacy Statement
Copyright 2010, SecurityFocus