Fedora Core 2 2005-015 Moderate: Enscript Command Execution Threats

fedora
January 26, 2005
Fedora Core 2 updates enscript to resolve command execution and buffer overflow risks for users. Find details here!
Several security-relevant problems were found in enscript, a program that converts ASCII text to PostScript and other formats.

Summary

GNU enscript is a free replacement for Adobe's Enscript program. Enscript converts ASCII files to PostScript(TM) and spools generated PostScript output to the specified printer or saves it to a file. Enscript can be extended to handle different output media and includes many options for customizing printouts.

Erik Sjölund has discovered several security-relevant problems in enscript, a program that converts ASCII text to PostScript and other formats. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CAN-2004-1184

Unsanitised input can cause the execution of arbitrary commands via EPSF pipe support. This has been disabled, also upstream.

CAN-2004-1185

Due to missing sanitising of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed.

CAN-2004-1186

Multiple buffer overflows can cause the program to crash.
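CAN-2004-1185 above is a case of a filename reaching a shell command line without sanitising. The following C example is added here as an illustration and is not enscript's code or the Fedora patch; `shell_quote` and `build_filter_cmd` are hypothetical names, and the filename is a constructed sample. It quotes a filename before it is placed in a filter command and refuses to build a truncated command.

```c
/* Added illustration; not enscript source or the Fedora patch. */
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: wrap name in single quotes for /bin/sh. Inside
 * single quotes every byte is literal, so only ' needs handling: close
 * the quote, emit \', reopen. Returns 0, or -1 if out is too small. */
int shell_quote(const char *name, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz < 3) return -1;                 /* room for '' and NUL */
    out[n++] = '\'';
    for (; *name; name++) {
        size_t need = (*name == '\'') ? 4 : 1;
        if (n + need + 2 > outsz) return -1;  /* +2: closing ' and NUL */
        if (*name == '\'') { memcpy(out + n, "'\\''", 4); n += 4; }
        else out[n++] = *name;
    }
    out[n++] = '\'';
    out[n] = '\0';
    return 0;
}

/* Hypothetical helper: build "<filter> <quoted file>". A leading '-'
 * would be read by the filter as an option even when quoted, so such
 * names get a "./" prefix. Returns 0, or -1 on overflow so the caller
 * never runs a truncated command. */
int build_filter_cmd(const char *filter, const char *file,
                     char *cmd, size_t cmdsz)
{
    char quoted[1024];
    const char *prefix = (file[0] == '-') ? "./" : "";
    int len;
    if (shell_quote(file, quoted, sizeof quoted) != 0) return -1;
    len = snprintf(cmd, cmdsz, "%s %s%s", filter, prefix, quoted);
    return (len < 0 || (size_t)len >= cmdsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample: a filename carrying shell metacharacters. */
    const char *file = "notes; it's $(date).txt";
    char cmd[2048];
    if (build_filter_cmd("cat", file, cmd, sizeof cmd) == 0)
        puts(cmd);  /* the shell sees one literal argument */
    return 0;
}
```

Where the program controls the child process itself, passing the filename as a separate `argv` element to `execvp` avoids the shell entirely and needs no quoting.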

- Fixed patch for CAN-2004-1186 (bug #114684).

* Tue Jan 11 2005 Tim Waugh 1.6.1-25.1
- Added patch to fix CAN-2004-1186 (bug #114684).
- Added patch to fix CAN-2004-1185 (bug #114684).
- Backported patch to fix CAN-2004-1184 (bug #114684).

aa8a46ea612edcccad9c3a90812e7b87 SRPMS/enscript-1.6.1-25.2.src.rpm
333674557f54bd9e05ad7b57e91ccd97 x86_64/enscript-1.6.1-25.2.x86_64.rpm
d1042af5d9397370d41170d06ce07d23 x86_64/debug/enscript-debuginfo-1.6.1-25.2.x86_64.rpm
d42a75862ed92f3a01840c42cc476a45 i386/enscript-1.6.1-25.2.i386.rpm
15dab7f96309408804dc89b233984dbe i386/debug/enscript-debuginfo-1.6.1-25.2.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

fedora-announce-list mailing list
fedora-announce-list@redhat.com

Severity: important

Name: enscript
Version: 1.6.1
Release: 25.2
Summary: A plain ASCII to PostScript converter.
