[ MDVSA-2008:243 ] enscript




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:243
http://www.mandriva.com/security/
_______________________________________________________________________

Package : enscript
Date : December 15, 2008
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

Two buffer overflow vulnerabilities were discovered in GNU enscript,
which could allow an attacker to execute arbitrary commands via a
specially crafted ASCII file, if the file were opened with the -e or
--escapes option enabled (CVE-2008-3863, CVE-2008-4306).

The updated packages have been patched to prevent these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4306
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
3e6a1e5e1fbb01056290779845a373b9 2008.0/i586/enscript-1.6.4-8.1mdv2008.0.i586.rpm
b21fd35a6615db96a1e43251039cbf41 2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
79799132f835055cb1248827c7b20b1e 2008.0/x86_64/enscript-1.6.4-8.1mdv2008.0.x86_64.rpm
b21fd35a6615db96a1e43251039cbf41 2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:
f756b4d3f93f90f8464f097eafd8c8fe 2008.1/i586/enscript-1.6.4-8.1mdv2008.1.i586.rpm
1a9997a113cf48cf6bc5cfd13e5229a1 2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
ec5e16911668d5d426938e804c8ee213 2008.1/x86_64/enscript-1.6.4-8.1mdv2008.1.x86_64.rpm
1a9997a113cf48cf6bc5cfd13e5229a1 2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm

Mandriva Linux 2009.0:
32c32ad7ce630cbf2822aecdc1bd43ec 2009.0/i586/enscript-1.6.4-8.1mdv2009.0.i586.rpm
def3dc106c558ccf211db5937b7c0e99 2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
9ec59f8cf2ee2754d3e5ce3ff8852d05 2009.0/x86_64/enscript-1.6.4-8.1mdv2009.0.x86_64.rpm
def3dc106c558ccf211db5937b7c0e99 2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm

Corporate 3.0:
c8d92ad1383eae7e3eb43af72f0e673a corporate/3.0/i586/enscript-1.6.4-1.2.C30mdk.i586.rpm
194eb371d6966552a1c945e01d649057 corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
afc5739e65128feced597669f7a68f3d corporate/3.0/x86_64/enscript-1.6.4-1.2.C30mdk.x86_64.rpm
194eb371d6966552a1c945e01d649057 corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJRrqqmqjQ0CJFipgRAhuGAKCWB9vqbe6cUOtii30YE115xVKV1ACfbM8C
TRgbkjX8BKza8puysd47FuE=
=d33X
-----END PGP SIGNATURE-----



Relevant Pages

  • [Full-disclosure] [ MDVSA-2008:163 ] python
    ... Multiple integer overflows in the imageop module in Python prior to ... Multiple integer overflows were reported by the Google Security Team ... The updated packages have been patched to correct these issues. ... Python packages on Mandriva Linux 2007.1 and 2008.0 have ...
    (Full-Disclosure)
  • [ MDVSA-2008:163 ] python
    ... Multiple integer overflows in the imageop module in Python prior to ... Multiple integer overflows were reported by the Google Security Team ... The updated packages have been patched to correct these issues. ... Python packages on Mandriva Linux 2007.1 and 2008.0 have ...
    (Bugtraq)
  • [Full-disclosure] [ MDVSA-2011:079 ] firefox
    ... Chris Evans of the Chrome Security Team reported that the XSLT ... Packages for 2009.0 are provided as of the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ... If you want to report vulnerabilities, ...
    (Full-Disclosure)
  • [ MDVSA-2011:079 ] firefox
    ... Chris Evans of the Chrome Security Team reported that the XSLT ... Packages for 2009.0 are provided as of the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ... If you want to report vulnerabilities, ...
    (Bugtraq)
  • [ MDKSA-2006:172-1 ] - Updated openssl packages fix vulnerabilities
    ... Dr S N Henson of the OpenSSL core team and Open Network Security ... Tavis Ormandy and Will Drewry of the Google Security Team discovered a ... Updated packages are patched to address these issues. ... Mandriva Linux 2006.0/X86_64: ...
    (Bugtraq)