RedHat: Updated enscript package fixes security issues

    Date: 01 Feb 2005
    Category: Red Hat
    Posted By: Joe Shakespeare
    An updated enscript package that fixes several security issues is now available.
    ---------------------------------------------------------------------
                       Red Hat Security Advisory
    
    Synopsis:          Updated enscript package fixes security issues
    Advisory ID:       RHSA-2005:039-01
    Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-039.html
    Issue date:        2005-02-01
    Updated on:        2005-02-01
    Product:           Red Hat Enterprise Linux
    CVE Names:         CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
    ---------------------------------------------------------------------
    
    1. Summary:
    
    An updated enscript package that fixes several security issues is now
    available.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
    Red Hat Linux Advanced Workstation 2.1 - ia64
    Red Hat Enterprise Linux ES version 2.1 - i386
    Red Hat Enterprise Linux WS version 2.1 - i386
    Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
    Red Hat Desktop version 3 - i386, x86_64
    Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
    Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
    
    3. Problem description:
    
    GNU enscript converts ASCII files to PostScript.
    
    Enscript has the ability to interpret special escape sequences. A flaw was
    found in the handling of the epsf command used to insert inline EPS files
    into a document. An attacker could create a carefully crafted ASCII file
    which made use of the epsf pipe command in such a way that it could execute
    arbitrary commands if the file was opened with enscript by a victim. The
    Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
    the name CAN-2004-1184 to this issue.
    
    Additional flaws in Enscript were also discovered which can only be
    triggered by executing enscript with carefully crafted command line
    arguments. These flaws therefore only have a security impact if enscript
    is executed by other programs and passed untrusted data from remote users.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CAN-2004-1185 and CAN-2004-1186 to these issues.
    
    All users of enscript should upgrade to these updated packages, which
    resolve these issues.
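
A pre-filter for services that hand untrusted text to enscript, flagging the epsf pipe escape named in the problem description. This is an added example, not part of the Red Hat advisory or of enscript; the escape syntax is an assumption taken from the enscript man page, and the function names and sample inputs are constructed for illustration.

```python
import re

# Assumptions taken from the enscript man page, not from this advisory:
# special escapes begin with one escape byte (NUL unless changed with
# -e/--escapes), and in "epsf[options]{target}" a target ending in "|"
# names a command whose output is read as EPS data.
EPSF = re.compile(rb"epsf(?:\[[^\]\n]*\])?\{([^}\n]*)\}")

def find_epsf_escapes(data: bytes, escape: bytes = b"\x00"):
    """Return (offset, target, is_pipe) for every epsf escape in data."""
    hits = []
    pos = data.find(escape)
    while pos != -1:
        m = EPSF.match(data, pos + len(escape))
        if m:
            # Strip whitespace so "cmd | " is still classified as a pipe.
            target = m.group(1).strip()
            hits.append((pos, target.decode("latin-1"), target.endswith(b"|")))
        pos = data.find(escape, pos + 1)
    return hits

def triage(data: bytes, escape: bytes = b"\x00") -> str:
    """Classify untrusted input before it is handed to enscript."""
    hits = find_epsf_escapes(data, escape)
    if any(is_pipe for _, _, is_pipe in hits):
        return "reject"   # epsf pipe form: would run a command
    if hits:
        return "review"   # epsf file inclusion: reads another file
    return "ok"

# Constructed samples (not taken from any real document).
PLAIN = b"Quarterly report\nepsf{not-an-escape}\n"
INLINE = b"Report\n\x00epsf[c]{logo.eps}\n"
PIPE = b"Title\n\x00epsf{example-generator |}\n"

if __name__ == "__main__":
    for name, sample in (("PLAIN", PLAIN), ("INLINE", INLINE), ("PIPE", PIPE)):
        print(name, triage(sample), find_epsf_escapes(sample))
```

The filter complements the updated packages and does not replace them.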
    
    4. Solution:
    
    Before applying this update, make sure that all previously-released
    errata relevant to your system have been applied.  Use Red Hat
    Network to download and update your packages.  To launch the Red Hat
    Update Agent, use the following command:
    
        up2date
    
    For information on how to install packages manually, refer to the
    following Web page for the System Administration or Customization
    guide specific to your system:
    
        http://www.redhat.com/docs/manuals/enterprise/
    
    5. Bug IDs fixed (http://bugzilla.redhat.com/):
    
    144683 - CAN-2004-1184 multiple security issues in enscript (CAN-2004-1185 CAN-2004-1186)
    
    6. RPMs required:
    
    These packages are GPG signed by Red Hat for security.  Our key and 
    details on how to verify the signature are available from
    https://www.redhat.com/security/team/key/#package
    
    7. References:
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1184
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1185
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1186
    
    8. Contact:
    
    The Red Hat security contact is .  More contact
    details at https://www.redhat.com/security/team/contact/
    
    Copyright 2005 Red Hat, Inc.
    