enscript 1.6.1 updates

Erik Sjölund has discovered several security relevant problems in enscript, a program that converts ASCII text to Postscript and other formats. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CAN-2004-1184: Unsanitised input can cause the execution of arbitrary commands via EPSF pipe support. This has been disabled, also upstream. CAN-2004-1185: Due to missing sanitising of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. CAN-2004-1186: Multiple buffer overflows can cause the program to crash.

  • Vendor: Fedora
  • Vendor ID: FEDORA-2005-016
  • Date: January 26, 2005


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-016
2005-01-26
---------------------------------------------------------------------

Product : Fedora Core 3
Name : enscript
Version : 1.6.1
Release : 28.0.2
Summary : A plain ASCII to PostScript converter.
Description :
GNU enscript is a free replacement for Adobe's Enscript
program. Enscript converts ASCII files to PostScript(TM) and spools
generated PostScript output to the specified printer or saves it to a
file. Enscript can be extended to handle different output media and
includes many options for customizing printouts.

---------------------------------------------------------------------
Update Information:

Erik Sjölund has discovered several security relevant problems in
enscript, a program that converts ASCII text to Postscript and other
formats. The Common Vulnerabilities and Exposures project identifies
the following vulnerabilities:

CAN-2004-1184

Unsanitised input can cause the execution of arbitrary commands
via EPSF pipe support. This has been disabled, also upstream.

CAN-2004-1185

Due to missing sanitising of filenames it is possible that a
specially crafted filename can cause arbitrary commands to be
executed.

CAN-2004-1186

Multiple buffer overflows can cause the program to crash.

---------------------------------------------------------------------
* Mon Jan 24 2005 Tim Waugh <[email protected]> 1.6.1-28.0.2

- Fixed patch for CAN-2004-1186 (bug #114684).

* Tue Jan 11 2005 Tim Waugh <[email protected]> 1.6.1-28.0.1

- Added patch to fix CAN-2004-1186 (bug #114684).
- Added patch to fix CAN-2004-1185 (bug #114684).
- Backported patch to fix CAN-2004-1184 (bug #114684).


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/u...

64cf1cd8caf430620476ff974c243829 SRPMS/enscript-1.6.1-28.0.2.src.rpm
233b8d840cfcc8d17286421e4ce0e868 x86_64/enscript-1.6.1-28.0.2.x86_64.rpm
11834dbe6435a1944da492a91f6a0bb1 x86_64/debug/enscript-debuginfo-1.6.1-28.0.2.x86_64.rpm
97e0027f6d54ca9575e816ba47ee5e0e i386/enscript-1.6.1-28.0.2.i386.rpm
ad12163e561ab7e16637fb75690633d4 i386/debug/enscript-debuginfo-1.6.1-28.0.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------


--
fedora-announce-list mailing list
[email protected]
http://www.redhat.com/mailman/listinfo/fedora-announce-list
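
The bug class behind CAN-2004-1185 (a file name pasted unquoted into a shell command line) and one bounded way to neutralise it, as an added example. This is not enscript's code or the patch shipped in this update; shell_quote and build_filter_cmd are hypothetical names, and the "cat" filter and the sample file name are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Wrap `in` in single quotes for /bin/sh, writing into `out` (size `outlen`).
 * An embedded ' becomes '\'' (close quote, escaped quote, reopen quote).
 * Returns the length written, or -1 if the result would not fit, so an
 * over-long name is rejected instead of overflowing or being truncated. */
int shell_quote(const char *in, char *out, size_t outlen)
{
    size_t n = 0;
    if (outlen < 3) return -1;                  /* '' plus NUL at minimum */
    out[n++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (n + need + 2 > outlen) return -1;   /* +2: closing quote, NUL */
        if (*in == '\'') { memcpy(out + n, "'\\''", 4); n += 4; }
        else out[n++] = *in;
    }
    out[n++] = '\'';
    out[n] = '\0';
    return (int)n;
}

/* Build "<filter> <quoted filename>". `filter` is a fixed, trusted string;
 * only `filename` is untrusted. Returns the length, or -1 on truncation. */
int build_filter_cmd(const char *filter, const char *filename,
                     char *cmd, size_t cmdlen)
{
    char quoted[1024];
    int n;
    if (shell_quote(filename, quoted, sizeof quoted) < 0) return -1;
    n = snprintf(cmd, cmdlen, "%s %s", filter, quoted);
    return (n < 0 || (size_t)n >= cmdlen) ? -1 : n;
}

int main(void)
{
    /* Constructed sample: a file name containing shell metacharacters. */
    const char *name = "report; echo INJECTED.txt";
    char cmd[2048];
    /* Unsafe pattern (not executed here): formatting "cat %s" with `name`
     * hands "; echo INJECTED.txt" to the shell as a second command. */
    if (build_filter_cmd("cat", name, cmd, sizeof cmd) < 0) return 1;
    puts(cmd);   /* cat 'report; echo INJECTED.txt' */
    return 0;
}
```

Quoting only stops the shell from interpreting the name; running the helper with fork/execvp and an argv array avoids the shell altogether.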
