To: [email protected]Subject: [ MDVSA-2008:243 ] enscript
Date: Mon, 15 Dec 2008 16:31:00 -0700
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1LCMtw-0003P5-8B@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:243
http://www.mandriva.com/security/
_______________________________________________________________________
Package : enscript
Date : December 15, 2008
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
Two buffer overflow vulnerabilities were discovered in GNU enscript,
which could allow an attacker to execute arbitrary commands via a
specially crafted ASCII file, if the file were opened with the -e or
--escapes option enabled (CVE-2008-3863, CVE-2008-4306).
The updated packages have been patched to prevent these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4306
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
3e6a1e5e1fbb01056290779845a373b9 2008.0/i586/enscript-1.6.4-8.1mdv2008.0.i586.rpm
b21fd35a6615db96a1e43251039cbf41 2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
79799132f835055cb1248827c7b20b1e 2008.0/x86_64/enscript-1.6.4-8.1mdv2008.0.x86_64.rpm
b21fd35a6615db96a1e43251039cbf41 2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
f756b4d3f93f90f8464f097eafd8c8fe 2008.1/i586/enscript-1.6.4-8.1mdv2008.1.i586.rpm
1a9997a113cf48cf6bc5cfd13e5229a1 2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
ec5e16911668d5d426938e804c8ee213 2008.1/x86_64/enscript-1.6.4-8.1mdv2008.1.x86_64.rpm
1a9997a113cf48cf6bc5cfd13e5229a1 2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
32c32ad7ce630cbf2822aecdc1bd43ec 2009.0/i586/enscript-1.6.4-8.1mdv2009.0.i586.rpm
def3dc106c558ccf211db5937b7c0e99 2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
9ec59f8cf2ee2754d3e5ce3ff8852d05 2009.0/x86_64/enscript-1.6.4-8.1mdv2009.0.x86_64.rpm
def3dc106c558ccf211db5937b7c0e99 2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm
Corporate 3.0:
c8d92ad1383eae7e3eb43af72f0e673a corporate/3.0/i586/enscript-1.6.4-1.2.C30mdk.i586.rpm
194eb371d6966552a1c945e01d649057 corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
afc5739e65128feced597669f7a68f3d corporate/3.0/x86_64/enscript-1.6.4-1.2.C30mdk.x86_64.rpm
194eb371d6966552a1c945e01d649057 corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJRrqqmqjQ0CJFipgRAhuGAKCWB9vqbe6cUOtii30YE115xVKV1ACfbM8C
TRgbkjX8BKza8puysd47FuE=
=d33X
-----END PGP SIGNATURE-----