Package name: enscript
Date: December 15th, 2008
Advisory ID: MDVSA-2008:243
Affected versions: CS3.0, 2008.0, 2008.1, 2009.0

Problem Description

Two buffer overflow vulnerabilities were discovered in GNU enscript,
which could allow an attacker to execute arbitrary commands via a
specially crafted ASCII file, if the file were opened with the -e or
--escapes option enabled (CVE-2008-3863, CVE-2008-4306).

The updated packages have been patched to prevent these issues.

Updated Packages

Corporate Server 3.0

 c8d92ad1383eae7e3eb43af72f0e673a  corporate/3.0/i586/enscript-1.6.4-1.2.C30mdk.i586.rpm 
 194eb371d6966552a1c945e01d649057  corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 afc5739e65128feced597669f7a68f3d  corporate/3.0/x86_64/enscript-1.6.4-1.2.C30mdk.x86_64.rpm 
 194eb371d6966552a1c945e01d649057  corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm

Mandriva Linux 2008.0

 3e6a1e5e1fbb01056290779845a373b9  2008.0/i586/enscript-1.6.4-8.1mdv2008.0.i586.rpm 
 b21fd35a6615db96a1e43251039cbf41  2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64

 79799132f835055cb1248827c7b20b1e  2008.0/x86_64/enscript-1.6.4-8.1mdv2008.0.x86_64.rpm 
 b21fd35a6615db96a1e43251039cbf41  2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm

Mandriva Linux 2008.1

 f756b4d3f93f90f8464f097eafd8c8fe  2008.1/i586/enscript-1.6.4-8.1mdv2008.1.i586.rpm 
 1a9997a113cf48cf6bc5cfd13e5229a1  2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64

 ec5e16911668d5d426938e804c8ee213  2008.1/x86_64/enscript-1.6.4-8.1mdv2008.1.x86_64.rpm 
 1a9997a113cf48cf6bc5cfd13e5229a1  2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm

Mandriva Linux 2009.0

 32c32ad7ce630cbf2822aecdc1bd43ec  2009.0/i586/enscript-1.6.4-8.1mdv2009.0.i586.rpm 
 def3dc106c558ccf211db5937b7c0e99  2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64

 9ec59f8cf2ee2754d3e5ce3ff8852d05  2009.0/x86_64/enscript-1.6.4-8.1mdv2009.0.x86_64.rpm 
 def3dc106c558ccf211db5937b7c0e99  2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
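
For a manual download, the check described above can be scripted. The following is an added example, not part of the original advisory: it assumes the advisory text is saved to a local file and that md5sum is installed; the function names and return codes are illustrative.

```shell
#!/bin/sh
# Added example: match a downloaded RPM against the "md5  path" lines of an
# advisory such as the one above, then hand it to rpm --checksig.

# verify_against_advisory ADVISORY_FILE RPM_FILE
# Returns 0 if the file's MD5 equals the advisory entry for its base name,
# 1 on mismatch, 2 if the advisory lists no package with that name.
verify_against_advisory() {
    advisory=$1
    rpmfile=$2
    name=$(basename "$rpmfile")

    # Advisory lines look like: " <32 hex digits>  <dir>/<package>.rpm "
    expected=$(awk -v n="$name" '
        $1 ~ /^[0-9a-f]+$/ && length($1) == 32 {
            k = split($2, parts, "/")
            if (parts[k] == n) { print $1; exit }
        }' "$advisory")

    [ -n "$expected" ] || return 2

    actual=$(md5sum "$rpmfile" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# check_update ADVISORY_FILE RPM_FILE
# An MD5 match only rules out a corrupted or wrong download; the GPG
# signature checked by rpm --checksig ties the package to the vendor key.
# Returns 3 if the signature check fails, 4 if rpm is not installed.
check_update() {
    verify_against_advisory "$1" "$2" || return $?
    if command -v rpm >/dev/null 2>&1; then
        rpm --checksig "$2" || return 3
    else
        echo "rpm not found; signature not checked for $2" >&2
        return 4
    fi
}
```

Source the script and call check_update with the saved advisory and the package file; import the Mandriva Security Team public key into the RPM keyring first so that rpm --checksig can validate the signature.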