---------------------------------------------------------------------Fedora Update Notification
FEDORA-2005-015
2005-01-26
---------------------------------------------------------------------Product     : Fedora Core 2
Name        : enscript
Version     : 1.6.1                     =20
Release     : 25.2                 =20
Summary     : A plain ASCII to PostScript converter.
Description :
GNU enscript is a free replacement for Adobe's Enscript
program. Enscript converts ASCII files to PostScript(TM) and spools
generated PostScript output to the specified printer or saves it to a
file. Enscript can be extended to handle different output media and
includes many options for customizing printouts.

---------------------------------------------------------------------Update Information:

Erik Sj=F6lund has discovered several security relevant problems in
enscript, a program to converts ASCII text to Postscript and other
formats.  The Common Vulnerabilities and Exposures project identifies
the following vulnerabilities:

CAN-2004-1184

    Unsanitised input can caues the execution of arbitrary commands
    via EPSF pipe support.  This has been disabled, also upstream.

CAN-2004-1185

    Due to missing sanitising of filenames it is possible that a
    specially crafted filename can cause arbitrary commands to be
    executed.

CAN-2004-1186

    Multiple buffer overflows can cause the program to crash.

---------------------------------------------------------------------* Mon Jan 24 2005 Tim Waugh  1.6.1-25.2

- Fixed patch for CAN-2004-1186 (bug #114684).

* Tue Jan 11 2005 Tim Waugh  1.6.1-25.1

- Added patch to fix CAN-2004-1186 (bug #114684).
- Added patch to fix CAN-2004-1185 (bug #114684).
- Backported patch to fix CAN-2004-1184 (bug #114684).


---------------------------------------------------------------------This update can be downloaded from:
  
aa8a46ea612edcccad9c3a90812e7b87  SRPMS/enscript-1.6.1-25.2.src.rpm
333674557f54bd9e05ad7b57e91ccd97  x86_64/enscript-1.6.1-25.2.x86_64.rpm
d1042af5d9397370d41170d06ce07d23  x86_64/debug/enscript-debuginfo-1.6.1-25.2.x86_64.rpm
d42a75862ed92f3a01840c42cc476a45  i386/enscript-1.6.1-25.2.i386.rpm
15dab7f96309408804dc89b233984dbe  i386/debug/enscript-debuginfo-1.6.1-25.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command. =20
---------------------------------------------------------------------
--jefwvkmz5Z4uFxYh
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFB94DoHU/d4jnpWe0RAim8AJ9VZblYzn8ggjRImehaefclx1BsvACglHwM
39HSCb+7fQ6OWKfiZLy/Ppo=apJM
-----END PGP SIGNATURE-------jefwvkmz5Z4uFxYh--
--===============1588848315=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 2 Update: enscript-1.6.1-25.2

January 26, 2005
Several security relevant problems in enscript, a program to converts ASCII text to Postscript and other formats.

Summary

GNU enscript is a free replacement for Adobe's Enscript

program. Enscript converts ASCII files to PostScript(TM) and spools

generated PostScript output to the specified printer or saves it to a

file. Enscript can be extended to handle different output media and

includes many options for customizing printouts.

Erik Sj=F6lund has discovered several security relevant problems in

enscript, a program to converts ASCII text to Postscript and other

formats. The Common Vulnerabilities and Exposures project identifies

the following vulnerabilities:

CAN-2004-1184

Unsanitised input can caues the execution of arbitrary commands

via EPSF pipe support. This has been disabled, also upstream.

CAN-2004-1185

Due to missing sanitising of filenames it is possible that a

specially crafted filename can cause arbitrary commands to be

executed.

CAN-2004-1186

Multiple buffer overflows can cause the program to crash.

- Fixed patch for CAN-2004-1186 (bug #114684).

* Tue Jan 11 2005 Tim Waugh 1.6.1-25.1

- Added patch to fix CAN-2004-1186 (bug #114684).

- Added patch to fix CAN-2004-1185 (bug #114684).

- Backported patch to fix CAN-2004-1184 (bug #114684).

aa8a46ea612edcccad9c3a90812e7b87 SRPMS/enscript-1.6.1-25.2.src.rpm

333674557f54bd9e05ad7b57e91ccd97 x86_64/enscript-1.6.1-25.2.x86_64.rpm

d1042af5d9397370d41170d06ce07d23 x86_64/debug/enscript-debuginfo-1.6.1-25.2.x86_64.rpm

d42a75862ed92f3a01840c42cc476a45 i386/enscript-1.6.1-25.2.i386.rpm

15dab7f96309408804dc89b233984dbe i386/debug/enscript-debuginfo-1.6.1-25.2.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command. =20

--jefwvkmz5Z4uFxYh

Content-Type: application/pgp-signature

Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFB94DoHU/d4jnpWe0RAim8AJ9VZblYzn8ggjRImehaefclx1BsvACglHwM

39HSCb+7fQ6OWKfiZLy/Ppo=apJM

-----END PGP SIGNATURE-------jefwvkmz5Z4uFxYh--

--===============1588848315=Content-Type: text/plain; charset="us-ascii"

MIME-Version: 1.0

Content-Transfer-Encoding: 7bit

Content-Disposition: inline

--fedora-announce-list mailing list

fedora-announce-list@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-announce-list

Change Log

References

Update Instructions

Severity
Name : enscript
Version : 1.6.1 =20
Release : 25.2 =20
Summary : A plain ASCII to PostScript converter.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved