Your submission was sent successfully! Close

USN-1979-1: txt2man vulnerability

30 September 2013

txt2man could be made to overwrite files.

Releases

Packages

  • txt2man - Converts flat ASCII text to man page format

Details

Patrick J Cherry discovered that txt2man contained leftover debugging code
that incorrectly created a temporary file. A local attacker could possibly
use this issue to overwrite arbitrary files. In the default Ubuntu
installation, this should be prevented by the Yama link restrictions.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04

In general, a standard system update will make all the necessary changes.

References