| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Dec 2008 16:31:00 -0700 From: security@...driva.com To: bugtraq@...urityfocus.com Subject: [ MDVSA-2008:243 ] enscript -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:243 http://www.mandriva.com/security/ _______________________________________________________________________ Package : enscript Date : December 15, 2008 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0 _______________________________________________________________________ Problem Description: Two buffer overflow vulnerabilities were discovered in GNU enscript, which could allow an attacker to execute arbitrary commands via a specially crafted ASCII file, if the file were opened with the -e or --escapes option enabled (CVE-2008-3863, CVE-2008-4306). The updated packages have been patched to prevent these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4306 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 3e6a1e5e1fbb01056290779845a373b9 2008.0/i586/enscript-1.6.4-8.1mdv2008.0.i586.rpm b21fd35a6615db96a1e43251039cbf41 2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 79799132f835055cb1248827c7b20b1e 2008.0/x86_64/enscript-1.6.4-8.1mdv2008.0.x86_64.rpm b21fd35a6615db96a1e43251039cbf41 2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm Mandriva Linux 2008.1: f756b4d3f93f90f8464f097eafd8c8fe 2008.1/i586/enscript-1.6.4-8.1mdv2008.1.i586.rpm 1a9997a113cf48cf6bc5cfd13e5229a1 2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: ec5e16911668d5d426938e804c8ee213 2008.1/x86_64/enscript-1.6.4-8.1mdv2008.1.x86_64.rpm 1a9997a113cf48cf6bc5cfd13e5229a1 2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm Mandriva Linux 2009.0: 32c32ad7ce630cbf2822aecdc1bd43ec 2009.0/i586/enscript-1.6.4-8.1mdv2009.0.i586.rpm def3dc106c558ccf211db5937b7c0e99 2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 9ec59f8cf2ee2754d3e5ce3ff8852d05 2009.0/x86_64/enscript-1.6.4-8.1mdv2009.0.x86_64.rpm def3dc106c558ccf211db5937b7c0e99 2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm Corporate 3.0: c8d92ad1383eae7e3eb43af72f0e673a corporate/3.0/i586/enscript-1.6.4-1.2.C30mdk.i586.rpm 194eb371d6966552a1c945e01d649057 corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm Corporate 3.0/X86_64: afc5739e65128feced597669f7a68f3d corporate/3.0/x86_64/enscript-1.6.4-1.2.C30mdk.x86_64.rpm 194eb371d6966552a1c945e01d649057 corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJRrqqmqjQ0CJFipgRAhuGAKCWB9vqbe6cUOtii30YE115xVKV1ACfbM8C TRgbkjX8BKza8puysd47FuE= =d33X -----END PGP SIGNATURE-----
Powered by blists - more mailing lists