USN-1979-1: txt2man vulnerability

Ubuntu Security Notice USN-1979-1

30th September, 2013

txt2man vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS

Summary

txt2man could be made to overwrite files.

Software description

  • txt2man - Converts flat ASCII text to man page format

Details

Patrick J Cherry discovered that txt2man contained leftover debugging code
that incorrectly created a temporary file. A local attacker could possibly
use this issue to overwrite arbitrary files. In the default Ubuntu
installation, this should be prevented by the Yama link restrictions.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 13.04:
txt2man 1.5.5-4ubuntu0.13.04.1
Ubuntu 12.10:
txt2man 1.5.5-4ubuntu0.12.10.1
Ubuntu 12.04 LTS:
txt2man 1.5.5-4ubuntu0.12.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2013-1444