USN-1979-1: txt2man vulnerability
Ubuntu Security Notice USN-1979-1
30th September, 2013
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
txt2man could be made to overwrite files.
- txt2man - Converts flat ASCII text to man page format
Patrick J Cherry discovered that txt2man contained leftover debugging code
that incorrectly created a temporary file. A local attacker could possibly
use this issue to overwrite arbitrary files. In the default Ubuntu
installation, this should be prevented by the Yama link restrictions.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 13.04:
- txt2man 1.5.5-4ubuntu0.13.04.1
- Ubuntu 12.10:
- txt2man 1.5.5-4ubuntu0.12.10.1
- Ubuntu 12.04 LTS:
- txt2man 1.5.5-4ubuntu0.12.04.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.