Oval Definition:oval:com.redhat.rhsa:def:20081016
Revision Date:2008-12-15Version:637
Title:RHSA-2008:1016: enscript security update (Moderate)
Description:GNU enscript converts ASCII files to PostScript(R) language files and spools the generated output to a specified printer or saves it to a file. Enscript can be extended to handle different output media and includes options for customizing printouts.

  • Two buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the "special escapes" option (-e or --escapes) enabled. (CVE-2008-3863, CVE-2008-4306)

    All users of enscript should upgrade to these updated packages, which contain backported patches to correct these issues.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2008-3863
    CVE-2008-4306
    RHSA-2008:1016
    RHSA-2008:1016-01
    RHSA-2008:1016-01
    Platform(s):Red Hat Enterprise Linux 5
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND enscript is earlier than 0:1.6.4-4.1.1.el5_2
  • AND enscript is signed with Red Hat redhatrelease2 key
  • BACK