
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 11 articles for you...

Scientific Linux: Moderate Enscripting Update CVE-2008-3863 Buffer Overflow

Moderate: enscript security update.

Date: Tue, 16 Dec 2008 13:36:23 -0600
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA for enscript on SL3.x, SL4.x, SL5.x i386/x86_64

Synopsis: Moderate: enscript security update
Issue date: 2008-12-15
CVE Names: CVE-2008-3863 CVE-2008-4306 CVE-2008-5078

Several buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the "special escapes" option (-e or --escapes) enabled. (CVE-2008-3863, CVE-2008-4306, CVE-2008-5078)

SL 3.0.x
SRPMS: enscript-1.6.1-24.7.src.rpm
i386: enscript-1.6.1-24.7.i386.rpm
x86_64: enscript-1.6.1-24.7.x86_64.rpm

SL 4.x
SRPMS: enscript-1.6.1-33.el4_7.1.src.rpm
i386: enscript-1.6.1-33.el4_7.1.i386.rpm
x86_64: enscript-1.6.1-33.el4_7.1.x86_64.rpm

SL 5.x
SRPMS: enscript-1.6.4-4.1.1.el5_2.src.rpm
i386: enscript-1.6.4-4.1.1.el5_2.i386.rpm
x86_64: enscript-1.6.4-4.1.1.el5_2.x86_64.rpm

-Connie Sieh
-Troy Dawson

A recent security patch for the Enscript program resolves several buffer overflow vulnerabilities impacting Scientific Linux releases.

Scientific Linux, enscript update, buffer overflow, security patch.

LinuxSecurity.com Team

Dec 16, 2008 Scientific Linux

Red Hat: RHSA-2008:1021-02 Moderate: Enscript Buffer Overflow

An updated enscript packages that fixes several security issues is now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: enscript security update
Advisory ID: RHSA-2008:1021-02
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2008:1021.html
Issue date: 2008-12-15
CVE Names: CVE-2008-3863 CVE-2008-4306 CVE-2008-5078
====================================================================

1. Summary:

An updated enscript packages that fixes several security issues is now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

GNU enscript converts ASCII files to PostScript(R) language files and spools the generated output to a specified printer or saves it to a file. Enscript can be extended to handle different output media and includes options for customizing printouts.

Several buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the "special escapes" option (-e or --escapes) enabled. (CVE-2008-3863, CVE-2008-4306, CVE-2008-5078)

All users of enscript should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
Source:
i386: enscript-1.6.1-16.7.i386.rpm
ia64: enscript-1.6.1-16.7.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:
Source:
ia64: enscript-1.6.1-16.7.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:
Source:
i386: enscript-1.6.1-16.7.i386.rpm

Red Hat Enterprise Linux WS version 2.1:
Source:
i386: enscript-1.6.1-16.7.i386.rpm

Red Hat Enterprise Linux AS version 3:
Source:
i386: enscript-1.6.1-24.7.i386.rpm enscript-debuginfo-1.6.1-24.7.i386.rpm
ia64: enscript-1.6.1-24.7.ia64.rpm enscript-debuginfo-1.6.1-24.7.ia64.rpm
ppc: enscript-1.6.1-24.7.ppc.rpm enscript-debuginfo-1.6.1-24.7.ppc.rpm
s390: enscript-1.6.1-24.7.s390.rpm enscript-debuginfo-1.6.1-24.7.s390.rpm
s390x: enscript-1.6.1-24.7.s390x.rpm enscript-debuginfo-1.6.1-24.7.s390x.rpm
x86_64: enscript-1.6.1-24.7.x86_64.rpm enscript-debuginfo-1.6.1-24.7.x86_64.rpm

Red Hat Desktop version 3:
Source:
i386: enscript-1.6.1-24.7.i386.rpm enscript-debuginfo-1.6.1-24.7.i386.rpm
x86_64: enscript-1.6.1-24.7.x86_64.rpm enscript-debuginfo-1.6.1-24.7.x86_64.rpm

Red Hat Enterprise Linux ES version 3:
Source:
i386: enscript-1.6.1-24.7.i386.rpm enscript-debuginfo-1.6.1-24.7.i386.rpm
ia64: enscript-1.6.1-24.7.ia64.rpm enscript-debuginfo-1.6.1-24.7.ia64.rpm
x86_64: enscript-1.6.1-24.7.x86_64.rpm enscript-debuginfo-1.6.1-24.7.x86_64.rpm

Red Hat Enterprise Linux WS version 3:
Source:
i386: enscript-1.6.1-24.7.i386.rpm enscript-debuginfo-1.6.1-24.7.i386.rpm
ia64: enscript-1.6.1-24.7.ia64.rpm enscript-debuginfo-1.6.1-24.7.ia64.rpm
x86_64: enscript-1.6.1-24.7.x86_64.rpm enscript-debuginfo-1.6.1-24.7.x86_64.rpm

Red Hat Enterprise Linux AS version 4:
Source:
i386: enscript-1.6.1-33.el4_7.1.i386.rpm enscript-debuginfo-1.6.1-33.el4_7.1.i386.rpm
ia64: enscript-1.6.1-33.el4_7.1.ia64.rpm enscript-debuginfo-1.6.1-33.el4_7.1.ia64.rpm
ppc: enscript-1.6.1-33.el4_7.1.ppc.rpm enscript-debuginfo-1.6.1-33.el4_7.1.ppc.rpm
s390: enscript-1.6.1-33.el4_7.1.s390.rpm enscript-debuginfo-1.6.1-33.el4_7.1.s390.rpm
s390x: enscript-1.6.1-33.el4_7.1.s390x.rpm enscript-debuginfo-1.6.1-33.el4_7.1.s390x.rpm
x86_64: enscript-1.6.1-33.el4_7.1.x86_64.rpm enscript-debuginfo-1.6.1-33.el4_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:
Source:
i386: enscript-1.6.1-33.el4_7.1.i386.rpm enscript-debuginfo-1.6.1-33.el4_7.1.i386.rpm
x86_64: enscript-1.6.1-33.el4_7.1.x86_64.rpm enscript-debuginfo-1.6.1-33.el4_7.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:
Source:
i386: enscript-1.6.1-33.el4_7.1.i386.rpm enscript-debuginfo-1.6.1-33.el4_7.1.i386.rpm
ia64: enscript-1.6.1-33.el4_7.1.ia64.rpm enscript-debuginfo-1.6.1-33.el4_7.1.ia64.rpm
x86_64: enscript-1.6.1-33.el4_7.1.x86_64.rpm enscript-debuginfo-1.6.1-33.el4_7.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:
Source:
i386: enscript-1.6.1-33.el4_7.1.i386.rpm enscript-debuginfo-1.6.1-33.el4_7.1.i386.rpm
ia64: enscript-1.6.1-33.el4_7.1.ia64.rpm enscript-debuginfo-1.6.1-33.el4_7.1.ia64.rpm
x86_64: enscript-1.6.1-33.el4_7.1.x86_64.rpm enscript-debuginfo-1.6.1-33.el4_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

6. References:

https://www.cve.org/CVERecord?id=CVE-2008-3863
https://www.cve.org/CVERecord?id=CVE-2008-4306
https://www.cve.org/CVERecord?id=CVE-2008-5078
https://access.redhat.com/security/updates/classification#moderate

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.

This notice pertains to a significant software vulnerability notification for Ubuntu Linux releases 16.04, 18.04, and 20.04.

enscript Security Update, Red Hat Advisory, Security Patch.

LinuxSecurity.com Team

Dec 15, 2008 Red Hat

SUSE Linux: SLE-2018:0012-01 Medium: Enscript Memory Leak

An updated enscript packages that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: enscript security update
Advisory ID: RHSA-2008:1016-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2008:1016.html
Issue date: 2008-12-15
CVE Names: CVE-2008-3863 CVE-2008-4306
====================================================================

1. Summary:

An updated enscript packages that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

GNU enscript converts ASCII files to PostScript(R) language files and spools the generated output to a specified printer or saves it to a file. Enscript can be extended to handle different output media and includes options for customizing printouts.

Two buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the "special escapes" option (-e or --escapes) enabled. (CVE-2008-3863, CVE-2008-4306)

All users of enscript should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
i386: enscript-1.6.4-4.1.1.el5_2.i386.rpm enscript-debuginfo-1.6.4-4.1.1.el5_2.i386.rpm
x86_64: enscript-1.6.4-4.1.1.el5_2.x86_64.rpm enscript-debuginfo-1.6.4-4.1.1.el5_2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):
Source:
i386: enscript-1.6.4-4.1.1.el5_2.i386.rpm enscript-debuginfo-1.6.4-4.1.1.el5_2.i386.rpm
ia64: enscript-1.6.4-4.1.1.el5_2.ia64.rpm enscript-debuginfo-1.6.4-4.1.1.el5_2.ia64.rpm
ppc: enscript-1.6.4-4.1.1.el5_2.ppc.rpm enscript-debuginfo-1.6.4-4.1.1.el5_2.ppc.rpm
s390x: enscript-1.6.4-4.1.1.el5_2.s390x.rpm enscript-debuginfo-1.6.4-4.1.1.el5_2.s390x.rpm
x86_64: enscript-1.6.4-4.1.1.el5_2.x86_64.rpm enscript-debuginfo-1.6.4-4.1.1.el5_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

6. References:

https://www.cve.org/CVERecord?id=CVE-2008-3863
https://www.cve.org/CVERecord?id=CVE-2008-4306
https://access.redhat.com/security/updates/classification#moderate

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.

Ubuntu releases a patch for vim tackling critical vulnerabilities. Users urged to enhance system protection.

RedHat, Enscript, Security Update, Linux Update, Red Hat Enterprise.

LinuxSecurity.com Team

Dec 15, 2008 Red Hat

Gentoo: GLSA-200812-02 Normal: Enscript Arbitrary Code Execution Threat

Two buffer overflows in enscript might lead to the execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200812-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: enscript: User-assisted execution of arbitrary code
Date: December 02, 2008
Bugs: #243228
ID: 200812-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two buffer overflows in enscript might lead to the execution of arbitrary code.

Background
==========

enscript is a powerful ASCII to PostScript file converter.

Affected packages
=================

-------------------------------------------------------------------
     Package            /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  app-text/enscript     < 1.6.4-r4     >= 1.6.4-r4

Description
===========

Two stack-based buffer overflows in the read_special_escape() function in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research discovered a vulnerability related to the "setfilename" command (CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability related to the "font" escape sequence (CVE-2008-4306).

Impact
======

An attacker could entice a user or automated system to process specially crafted input with the special escapes processing enabled using the "-e" option, possibly resulting in the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All enscript users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/enscript-1.6.4-r4"

References
==========

[ 1 ] CVE-2008-3863 https://www.cve.org/CVERecord?id=CVE-2008-3863
[ 2 ] CVE-2008-4306 https://www.cve.org/CVERecord?id=CVE-2008-4306

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/200812-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [email address hidden] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Mitigating stack overflow vulnerabilities in enscript is crucial to prevent untrusted code execution on Gentoo installations. Prompt patching is advised.

enscript Update, Gentoo Advisory, Buffer Overflow Fix.

LinuxSecurity.com Team

Dec 02, 2008 Gentoo

Debian 4.0 DSA-1670-2 Urgent: Enscript Memory Corruption Issue

Ulf Harnhammer discovered that a buffer overflow may lead to the execution of arbitrary code.

------------------------------------------------------------------------
Debian Security Advisory DSA-1670-1
http://www.debian.org/security/
Moritz Muehlenhoff
November 24, 2008
http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : enscript
Vulnerability : buffer overflows
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2008-3863 CVE-2008-4306

Several vulnerabilities have been discovered in Enscript, a converter from ASCII text to Postscript, HTML or RTF. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-3863
    Ulf Harnhammer discovered that a buffer overflow may lead to the execution of arbitrary code.

CVE-2008-4306
    Kees Cook and Tomas Hoger discovered that several buffer overflows may lead to the execution of arbitrary code.

For the stable distribution (etch), these problems have been fixed in version 1.6.4-11.1.

For the upcoming stable distribution (lenny) and the unstable distribution (sid), these problems have been fixed in version 1.6.4-13.

We recommend that you upgrade your enscript package.

Upgrade instructions
--------------------

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.

------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: [email address hidden]

Enhance the security of the enscript package on your Debian system by following these vital steps to mitigate buffer overflow vulnerabilities and protect against exploits.

Debian Package Fix, Enscript Buffer Overflow Risk, Code Execution Fixes.

Severity: Important.

LinuxSecurity.com Team

Nov 24, 2008 Important Debian

SUSE 2008:024 Minor Fixes: Apache, Yelp, Enscript Issues Overview

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SUSE Security Summary Report

Announcement ID: SUSE-SR:2008:024
Date: Fri, 07 Nov 2008 14:00:00 +0000
Cross-References: CVE-2007-6420, CVE-2008-1678, CVE-2008-2939, CVE-2008-3533, CVE-2008-3863

Content of this advisory:
1) Solved Security Vulnerabilities:
   - yelp
   - apache2
   - enscript
   - libcdaudio
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
   none
3) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Solved Security Vulnerabilities

To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities.

Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update.

- yelp
  Package yelp was updated to fix a format string bug. (CVE-2008-3533)
  Affected products: openSUSE 11.0

- apache2
  Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_proxy_ftp module (CVE-2008-2939).
  Missing precautions allowed cross site request forgery (CSRF) via the mod_proxy_balancer interface (CVE-2007-6420).
  A memory leak in the SSL module could crash apache (CVE-2008-1678)
  Affected products: openSUSE 10.2-11.0, SLES10, SLES9, NLD9, OES, NLPOS9, SLED

- enscript
  This update of enscript fixes buffer overflows in the setfilename (CVE-2008-3863), process_file and read_special_escape function (CVE-2008-4306) that can be exploited during file processing.
  Affected products: openSUSE 10.2-11.0, SLES10, SLES9, NLD9, OES, NLPOS9, SLED

- libcdaudio
  A remote attacker can modify a CDDB entry on a CDDB server or just intercept a connection from the CDDB client to the server to execute arbitrary code on the client machine.
  Affected products: openSUSE 10.2-11.0

______________________________________________________________________________

2) Pending Vulnerabilities, Solutions, and Work-Arounds

none

______________________________________________________________________________

3) Authenticity Verification and Additional Information

- Announcement authenticity verification:

  SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.

  To verify the signature of the announcement, save it as text into a file and run the command

    gpg --verify

  replacing with the name of the file containing the announcement. The output for a valid signature looks like:

    gpg: Signature made using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team "

  where is replaced by the date the document was signed.

  If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

  SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with.

  The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command

    rpm -v --checksig

  to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from [email address hidden] with the key ID 9C800ACA.

  This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement.

- SUSE runs two security mailing lists to which any interested party may subscribe:

  [email address hidden]
  - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to .

  [email address hidden]
  - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to .

====================================================================
SUSE's security contact is or . The public key is listed below.
====================================================================

Overview highlights SUSE's minor security updates addressing various vulnerabilities across common applications.

openSUSE Security Updates, SUSE Minor Issues, Security Package Fixes, SUSE Vulnerability Management.

LinuxSecurity.com Team

Nov 07, 2008 SuSE

Fedora 10: 2009-1293 Critical: Enscript Memory Leak Patch

There were found various buffer overflows in enscript. This update fixes CVE-2008-3863 and CVE-2008-4306.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9372
2008-11-06 02:58:05
--------------------------------------------------------------------------------

Name : enscript
Product : Fedora 9
Version : 1.6.4
Release : 10.fc9
URL :
Summary : A plain ASCII to PostScript converter.
Description :
GNU enscript is a free replacement for Adobe's Enscript program. Enscript converts ASCII files to PostScript(TM) and spools generated PostScript output to the specified printer or saves it to a file. Enscript can be extended to handle different output media and includes many options for customizing printouts.

--------------------------------------------------------------------------------
Update Information:

There were found various buffer overflows in enscript. This update fixes CVE-2008-3863 and CVE-2008-4306
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 3 2008 Adam Tkac 1.6.4-10
- fixed various buffer overflows (CVE-2008-3863, CVE-2008-4306)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #466771 - CVE-2008-3863 enscript: "setfilename" special escape buffer overflow
      https://bugzilla.redhat.com/show_bug.cgi?id=466771
[ 2 ] Bug #469311 - CVE-2008-4306 enscript: "font" special escape buffer overflows
      https://bugzilla.redhat.com/show_bug.cgi?id=469311
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use

    su -c 'yum update enscript'

at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Fedora-package-announce mailing list

Important enhancement for enscript in Fedora 9 tackles buffer overflow vulnerabilities. Utilize yum for secure installation.

Buffer Overflow Issue, Enscript Update, Fedora 9 Security.

Severity: Critical.

LinuxSecurity.com Team

Nov 05, 2008 Critical Fedora

Fedora: 2023-4601 Urgent: Fix For Enscript Buffer Overflow

There were found various buffer overflows in enscript. This update fixes CVE-2008-3863 and CVE-2008-4306.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9351
2008-11-06 02:56:25
--------------------------------------------------------------------------------

Name : enscript
Product : Fedora 8
Version : 1.6.4
Release : 9.fc8
URL :
Summary : A plain ASCII to PostScript converter.
Description :
GNU enscript is a free replacement for Adobe's Enscript program. Enscript converts ASCII files to PostScript(TM) and spools generated PostScript output to the specified printer or saves it to a file. Enscript can be extended to handle different output media and includes many options for customizing printouts.

--------------------------------------------------------------------------------
Update Information:

There were found various buffer overflows in enscript. This update fixes CVE-2008-3863 and CVE-2008-4306
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 3 2008 Adam Tkac 1.6.4-9
- fixed various buffer overflows (CVE-2008-3863, CVE-2008-4306)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #466771 - CVE-2008-3863 enscript: "setfilename" special escape buffer overflow
      https://bugzilla.redhat.com/show_bug.cgi?id=466771
[ 2 ] Bug #469311 - CVE-2008-4306 enscript: "font" special escape buffer overflows
      https://bugzilla.redhat.com/show_bug.cgi?id=469311
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use

    su -c 'yum update enscript'

at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Fedora-package-announce mailing list

Important patch released for Fedora addressing vulnerabilities in enscript related to buffer overflows. Make sure to update to protect your system.

Fedora Update, Enscript Fix, Overflows Security, Software Management, Critical Update.

Severity: Critical.

LinuxSecurity.com Team

Nov 05, 2008 Critical Fedora