Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2008:243 ] enscript

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1229383815-14940-5945

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:243

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : enscript

Date : December 15, 2008

Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0

_______________________________________________________________________

 

Problem Description:

 

Two buffer overflow vulnerabilities were discovered in GNU enscript,

which could allow an attacker to execute arbitrary commands via a

specially crafted ASCII file, if the file were opened with the -e or

--escapes option enabled (CVE-2008-3863, CVE-2008-4306).

 

The updated packages have been patched to prevent these issues.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4306

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

3e6a1e5e1fbb01056290779845a373b9 2008.0/i586/enscript-1.6.4-8.1mdv2008.0.i586.rpm

b21fd35a6615db96a1e43251039cbf41 2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

79799132f835055cb1248827c7b20b1e 2008.0/x86_64/enscript-1.6.4-8.1mdv2008.0.x86_64.rpm

b21fd35a6615db96a1e43251039cbf41 2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

f756b4d3f93f90f8464f097eafd8c8fe 2008.1/i586/enscript-1.6.4-8.1mdv2008.1.i586.rpm

1a9997a113cf48cf6bc5cfd13e5229a1 2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

ec5e16911668d5d426938e804c8ee213 2008.1/x86_64/enscript-1.6.4-8.1mdv2008.1.x86_64.rpm

1a9997a113cf48cf6bc5cfd13e5229a1 2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm

 

Mandriva Linux 2009.0:

32c32ad7ce630cbf2822aecdc1bd43ec 2009.0/i586/enscript-1.6.4-8.1mdv2009.0.i586.rpm

def3dc106c558ccf211db5937b7c0e99 2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

9ec59f8cf2ee2754d3e5ce3ff8852d05 2009.0/x86_64/enscript-1.6.4-8.1mdv2009.0.x86_64.rpm

def3dc106c558ccf211db5937b7c0e99 2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm

 

Corporate 3.0:

c8d92ad1383eae7e3eb43af72f0e673a corporate/3.0/i586/enscript-1.6.4-1.2.C30mdk.i586.rpm

194eb371d6966552a1c945e01d649057 corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

afc5739e65128feced597669f7a68f3d corporate/3.0/x86_64/enscript-1.6.4-1.2.C30mdk.x86_64.rpm

194eb371d6966552a1c945e01d649057 corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFJRrqqmqjQ0CJFipgRAhuGAKCWB9vqbe6cUOtii30YE115xVKV1ACfbM8C

TRgbkjX8BKza8puysd47FuE=

=d33X

-----END PGP SIGNATURE-----

 

 

------------=_1229383815-14940-5945

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1229383815-14940-5945--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×