MDVSA-2008:243
- Package name
- enscript
- Date
- 2008-12-15
- Advisory ID
- MDVSA-2008:243
- Affected versions
- 2009.0 x86_64 , 2008.0 i586 , 2009.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586
Problem description
Two buffer overflow vulnerabilities were discovered in GNU enscript,
which could allow an attacker to execute arbitrary commands via a
specially crafted ASCII file, if the file were opened with the -e or
--escapes option enabled (CVE-2008-3863, CVE-2008-4306).
The updated packages have been patched to prevent these issues.
Updated packages
2009.0 x86_64
9ec59f8cf2ee2754d3e5ce3ff8852d05 2009.0/x86_64/enscript-1.6.4-8.1mdv2009.0.x86_64.rpm def3dc106c558ccf211db5937b7c0e99 2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm
2008.0 i586
3e6a1e5e1fbb01056290779845a373b9 2008.0/i586/enscript-1.6.4-8.1mdv2008.0.i586.rpm b21fd35a6615db96a1e43251039cbf41 2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm
2009.0 i586
32c32ad7ce630cbf2822aecdc1bd43ec 2009.0/i586/enscript-1.6.4-8.1mdv2009.0.i586.rpm def3dc106c558ccf211db5937b7c0e99 2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm
CS3.0 x86_64
afc5739e65128feced597669f7a68f3d corporate/3.0/x86_64/enscript-1.6.4-1.2.C30mdk.x86_64.rpm 194eb371d6966552a1c945e01d649057 corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm
2008.0 x86_64
79799132f835055cb1248827c7b20b1e 2008.0/x86_64/enscript-1.6.4-8.1mdv2008.0.x86_64.rpm b21fd35a6615db96a1e43251039cbf41 2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm
CS3.0 i586
c8d92ad1383eae7e3eb43af72f0e673a corporate/3.0/i586/enscript-1.6.4-1.2.C30mdk.i586.rpm 194eb371d6966552a1c945e01d649057 corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm
2008.1 x86_64
ec5e16911668d5d426938e804c8ee213 2008.1/x86_64/enscript-1.6.4-8.1mdv2008.1.x86_64.rpm 1a9997a113cf48cf6bc5cfd13e5229a1 2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm
2008.1 i586
f756b4d3f93f90f8464f097eafd8c8fe 2008.1/i586/enscript-1.6.4-8.1mdv2008.1.i586.rpm 1a9997a113cf48cf6bc5cfd13e5229a1 2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm