RHSA-2008:1021 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: enscript security update

Type/Severity

Security Advisory: Moderate

Topic

An updated enscript packages that fixes several security issues is now
available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

GNU enscript converts ASCII files to PostScript(R) language files and
spools the generated output to a specified printer or saves it to a file.
Enscript can be extended to handle different output media and includes
options for customizing printouts.

Several buffer overflow flaws were found in GNU enscript. An attacker could
craft an ASCII file in such a way that it could execute arbitrary commands
if the file was opened with enscript with the "special escapes" option (-e
or --escapes) enabled. (CVE-2008-3863, CVE-2008-4306, CVE-2008-5078)

All users of enscript should upgrade to these updated packages, which
contain backported patches to correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server 2 ia64
Red Hat Enterprise Linux Server 2 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.7 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.7 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.7 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Workstation 2 ia64
Red Hat Enterprise Linux Workstation 2 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc

Fixes

BZ - 466771 - CVE-2008-3863 enscript: "setfilename" special escape buffer overflow
BZ - 469311 - CVE-2008-4306 enscript: "font" special escape buffer overflows
BZ - 473958 - CVE-2008-5078 enscript: "epsf" special escape buffer overflows

CVEs

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
x86_64
enscript-1.6.1-33.el4_7.1.x86_64.rpm	SHA-256: c09b84f2cc8aa119aacb5e1f08dc264d84a5140f1317a9bdee8b3819b7b9374d
enscript-1.6.1-33.el4_7.1.x86_64.rpm	SHA-256: c09b84f2cc8aa119aacb5e1f08dc264d84a5140f1317a9bdee8b3819b7b9374d
ia64
enscript-1.6.1-33.el4_7.1.ia64.rpm	SHA-256: 5769013b674954c6a4b9ed1133dc68070f34f56098a5ba471c35db9a879be02f
enscript-1.6.1-33.el4_7.1.ia64.rpm	SHA-256: 5769013b674954c6a4b9ed1133dc68070f34f56098a5ba471c35db9a879be02f
i386
enscript-1.6.1-33.el4_7.1.i386.rpm	SHA-256: f1117ad12d47ef42ba86fb73a92df3ac99fbec31bfaf8fc75840afdce99e772f
enscript-1.6.1-33.el4_7.1.i386.rpm	SHA-256: f1117ad12d47ef42ba86fb73a92df3ac99fbec31bfaf8fc75840afdce99e772f

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Server - Extended Update Support 4.7

SRPM
x86_64
enscript-1.6.1-33.el4_7.1.x86_64.rpm	SHA-256: c09b84f2cc8aa119aacb5e1f08dc264d84a5140f1317a9bdee8b3819b7b9374d
enscript-1.6.1-33.el4_7.1.x86_64.rpm	SHA-256: c09b84f2cc8aa119aacb5e1f08dc264d84a5140f1317a9bdee8b3819b7b9374d
ia64
enscript-1.6.1-33.el4_7.1.ia64.rpm	SHA-256: 5769013b674954c6a4b9ed1133dc68070f34f56098a5ba471c35db9a879be02f
enscript-1.6.1-33.el4_7.1.ia64.rpm	SHA-256: 5769013b674954c6a4b9ed1133dc68070f34f56098a5ba471c35db9a879be02f
i386
enscript-1.6.1-33.el4_7.1.i386.rpm	SHA-256: f1117ad12d47ef42ba86fb73a92df3ac99fbec31bfaf8fc75840afdce99e772f
enscript-1.6.1-33.el4_7.1.i386.rpm	SHA-256: f1117ad12d47ef42ba86fb73a92df3ac99fbec31bfaf8fc75840afdce99e772f

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
enscript-1.6.1-33.el4_7.1.x86_64.rpm	SHA-256: c09b84f2cc8aa119aacb5e1f08dc264d84a5140f1317a9bdee8b3819b7b9374d
ia64
enscript-1.6.1-33.el4_7.1.ia64.rpm	SHA-256: 5769013b674954c6a4b9ed1133dc68070f34f56098a5ba471c35db9a879be02f
i386
enscript-1.6.1-33.el4_7.1.i386.rpm	SHA-256: f1117ad12d47ef42ba86fb73a92df3ac99fbec31bfaf8fc75840afdce99e772f

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
enscript-1.6.1-33.el4_7.1.x86_64.rpm	SHA-256: c09b84f2cc8aa119aacb5e1f08dc264d84a5140f1317a9bdee8b3819b7b9374d
i386
enscript-1.6.1-33.el4_7.1.i386.rpm	SHA-256: f1117ad12d47ef42ba86fb73a92df3ac99fbec31bfaf8fc75840afdce99e772f

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
enscript-1.6.1-33.el4_7.1.s390x.rpm	SHA-256: 3a863ded6b62b2a05cd6e15baf212b70dbba3f0508c40bba29929e9fe218eeab
s390
enscript-1.6.1-33.el4_7.1.s390.rpm	SHA-256: a3b9bfc1ba058c18355e7a0219314fc6efb90ff22ddf8ff2d4c635bb5a659dfb

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
s390x
enscript-1.6.1-33.el4_7.1.s390x.rpm	SHA-256: 3a863ded6b62b2a05cd6e15baf212b70dbba3f0508c40bba29929e9fe218eeab
s390
enscript-1.6.1-33.el4_7.1.s390.rpm	SHA-256: a3b9bfc1ba058c18355e7a0219314fc6efb90ff22ddf8ff2d4c635bb5a659dfb

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
enscript-1.6.1-33.el4_7.1.ppc.rpm	SHA-256: 7dcd434c8750cc048f4ed38654f38d60a89a6e79fd75df0b240f8ca2c16eba51

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
ppc
enscript-1.6.1-33.el4_7.1.ppc.rpm	SHA-256: 7dcd434c8750cc048f4ed38654f38d60a89a6e79fd75df0b240f8ca2c16eba51

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.