© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Colin, there was a related issue that Halfdog reported to us in May that used the /var/cache/man/ directory in conjunction with a kernel oddity to provide a different group man -> root user vulnerability. It's not widely known, but is documented at http://
This second flaw is what encouraged me to suggest taking the more drastic step of disabling the catdoc functionality.
If you can find other solutions that are less invasive, it certainly would be more in keeping with the style of security updates. But with the speed of modern machines, I'm not sure catdocs are as useful as they used to be, so it seemed like an easy step to take to mitigate security problems, both these two and potentially future issues.
Thanks