Security Advisory Moderate: enscript security update

Advisory: RHSA-2008:1021-2
Type: Security Advisory
Severity: Moderate
Issued on: 2008-12-15
Last updated on: 2008-12-15
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.7.z)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.7.z)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2008-3863
CVE-2008-4306
CVE-2008-5078

Details

Updated enscript packages that fix several security issues are now
available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

GNU enscript converts ASCII files to PostScript(R) language files and
spools the generated output to a specified printer or saves it to a file.
Enscript can be extended to handle different output media and includes
options for customizing printouts.

Several buffer overflow flaws were found in GNU enscript. An attacker could
craft an ASCII file in such a way that it could execute arbitrary commands
if the file was opened with enscript with the "special escapes" option (-e
or --escapes) enabled. (CVE-2008-3863, CVE-2008-4306, CVE-2008-5078)
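
The flaws are only reachable when special escapes are enabled, so it helps to know which print filters and scripts turn them on. The following is an added example, not part of Red Hat's advisory: a heuristic shell check that flags command lines running enscript with -e or --escapes. The function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: heuristic audit for enscript runs with special escapes on.
# Limits: shell quoting is not interpreted; bundled short options (-2re)
# and abbreviated long options are not decoded.

# uses_escapes LINE -> exit 0 if LINE runs enscript with -e or --escapes.
uses_escapes() {
    state=0   # 0 = no enscript seen, 1 = in its options, 2 = after "--"
    hit=1
    set -f    # word-split LINE without filename globbing
    for tok in $1; do
        case "$tok" in
            '|'|'||'|'&&'|';') state=0; continue ;;   # next command starts
        esac
        if [ "$state" -eq 0 ]; then
            if [ "${tok##*/}" = enscript ]; then state=1; fi
        elif [ "$state" -eq 1 ]; then
            case "$tok" in
                --) state=2 ;;                        # only operands follow
                # -e may carry an attached escape character (-e[char])
                -e*|--escapes|--escapes=*) hit=0; break ;;
            esac
        fi
    done
    set +f
    return "$hit"
}

# risky_lines: read command lines on stdin, print the flagged ones.
risky_lines() {
    while IFS= read -r line; do
        if uses_escapes "$line"; then printf '%s\n' "$line"; fi
    done
}

# Constructed sample input (not taken from the advisory).
sample_lines() {
    cat <<'EOF'
/usr/bin/enscript -2r -o out.ps report.txt
enscript --escapes -p - "$1" | lpr
cat "$f" | enscript -e~ -o - | lpr
enscript -o out.ps -- -e
grep -e enscript /etc/printcap
EOF
}

sample_lines | risky_lines
```

Feed it the contents of print filters or wrapper scripts; any flagged line that can receive files from untrusted users should run only the updated packages.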

All users of enscript should upgrade to these updated packages, which
contain backported patches to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
enscript-1.6.1-24.7.src.rpm     MD5: 6d78e930e677ff2f10056304872de291
 
IA-32:
enscript-1.6.1-24.7.i386.rpm     MD5: 35c155c635ae9eec0157ab300535377c
 
x86_64:
enscript-1.6.1-24.7.x86_64.rpm     MD5: b949f3f34015b74275734e3c87445627
 
Red Hat Desktop (v. 4)

SRPMS:
enscript-1.6.1-33.el4_7.1.src.rpm     MD5: ab7fd2db080509dee48b90bc6eb3ab4c
 
IA-32:
enscript-1.6.1-33.el4_7.1.i386.rpm     MD5: 8531565d88f846c1faef1d76d29fa34e
 
x86_64:
enscript-1.6.1-33.el4_7.1.x86_64.rpm     MD5: af82d5302bdc2a80524ca48915765520
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
enscript-1.6.1-16.7.src.rpm     MD5: aee672acc119f3ef222ecfcbdfe69f24
 
IA-32:
enscript-1.6.1-16.7.i386.rpm     MD5: cc25e181a931ff05e13b07994b5e8097
 
IA-64:
enscript-1.6.1-16.7.ia64.rpm     MD5: 5ea3546a06422870be01ecaf0a8cae00
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
enscript-1.6.1-24.7.src.rpm     MD5: 6d78e930e677ff2f10056304872de291
 
IA-32:
enscript-1.6.1-24.7.i386.rpm     MD5: 35c155c635ae9eec0157ab300535377c
 
IA-64:
enscript-1.6.1-24.7.ia64.rpm     MD5: 3d46d9b286b2fccf867a0bbd1d206742
 
PPC:
enscript-1.6.1-24.7.ppc.rpm     MD5: f7d5338038eb4df7ed5e189845e4159e
 
s390:
enscript-1.6.1-24.7.s390.rpm     MD5: 62c1c379b92e4f9c288997787e65108d
 
s390x:
enscript-1.6.1-24.7.s390x.rpm     MD5: c9ccf04e0629cfcc34d80c9943778fc9
 
x86_64:
enscript-1.6.1-24.7.x86_64.rpm     MD5: b949f3f34015b74275734e3c87445627
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
enscript-1.6.1-33.el4_7.1.src.rpm     MD5: ab7fd2db080509dee48b90bc6eb3ab4c
 
IA-32:
enscript-1.6.1-33.el4_7.1.i386.rpm     MD5: 8531565d88f846c1faef1d76d29fa34e
 
IA-64:
enscript-1.6.1-33.el4_7.1.ia64.rpm     MD5: b455c7348abaec210b62d07c433dd0c6
 
PPC:
enscript-1.6.1-33.el4_7.1.ppc.rpm     MD5: 336fe61a9c667901c0296eef13b19147
 
s390:
enscript-1.6.1-33.el4_7.1.s390.rpm     MD5: 334cbefe010fadca3b1965f0201ebb47
 
s390x:
enscript-1.6.1-33.el4_7.1.s390x.rpm     MD5: ddc63b94326a932637341447735da69f
 
x86_64:
enscript-1.6.1-33.el4_7.1.x86_64.rpm     MD5: af82d5302bdc2a80524ca48915765520
 
Red Hat Enterprise Linux AS (v. 4.7.z)

SRPMS:
enscript-1.6.1-33.el4_7.1.src.rpm     MD5: ab7fd2db080509dee48b90bc6eb3ab4c
 
IA-32:
enscript-1.6.1-33.el4_7.1.i386.rpm     MD5: 8531565d88f846c1faef1d76d29fa34e
 
IA-64:
enscript-1.6.1-33.el4_7.1.ia64.rpm     MD5: b455c7348abaec210b62d07c433dd0c6
 
PPC:
enscript-1.6.1-33.el4_7.1.ppc.rpm     MD5: 336fe61a9c667901c0296eef13b19147
 
s390:
enscript-1.6.1-33.el4_7.1.s390.rpm     MD5: 334cbefe010fadca3b1965f0201ebb47
 
s390x:
enscript-1.6.1-33.el4_7.1.s390x.rpm     MD5: ddc63b94326a932637341447735da69f
 
x86_64:
enscript-1.6.1-33.el4_7.1.x86_64.rpm     MD5: af82d5302bdc2a80524ca48915765520
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
enscript-1.6.1-16.7.src.rpm     MD5: aee672acc119f3ef222ecfcbdfe69f24
 
IA-32:
enscript-1.6.1-16.7.i386.rpm     MD5: cc25e181a931ff05e13b07994b5e8097
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
enscript-1.6.1-24.7.src.rpm     MD5: 6d78e930e677ff2f10056304872de291
 
IA-32:
enscript-1.6.1-24.7.i386.rpm     MD5: 35c155c635ae9eec0157ab300535377c
 
IA-64:
enscript-1.6.1-24.7.ia64.rpm     MD5: 3d46d9b286b2fccf867a0bbd1d206742
 
x86_64:
enscript-1.6.1-24.7.x86_64.rpm     MD5: b949f3f34015b74275734e3c87445627
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
enscript-1.6.1-33.el4_7.1.src.rpm     MD5: ab7fd2db080509dee48b90bc6eb3ab4c
 
IA-32:
enscript-1.6.1-33.el4_7.1.i386.rpm     MD5: 8531565d88f846c1faef1d76d29fa34e
 
IA-64:
enscript-1.6.1-33.el4_7.1.ia64.rpm     MD5: b455c7348abaec210b62d07c433dd0c6
 
x86_64:
enscript-1.6.1-33.el4_7.1.x86_64.rpm     MD5: af82d5302bdc2a80524ca48915765520
 
Red Hat Enterprise Linux ES (v. 4.7.z)

SRPMS:
enscript-1.6.1-33.el4_7.1.src.rpm     MD5: ab7fd2db080509dee48b90bc6eb3ab4c
 
IA-32:
enscript-1.6.1-33.el4_7.1.i386.rpm     MD5: 8531565d88f846c1faef1d76d29fa34e
 
IA-64:
enscript-1.6.1-33.el4_7.1.ia64.rpm     MD5: b455c7348abaec210b62d07c433dd0c6
 
x86_64:
enscript-1.6.1-33.el4_7.1.x86_64.rpm     MD5: af82d5302bdc2a80524ca48915765520
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
enscript-1.6.1-16.7.src.rpm     MD5: aee672acc119f3ef222ecfcbdfe69f24
 
IA-32:
enscript-1.6.1-16.7.i386.rpm     MD5: cc25e181a931ff05e13b07994b5e8097
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
enscript-1.6.1-24.7.src.rpm     MD5: 6d78e930e677ff2f10056304872de291
 
IA-32:
enscript-1.6.1-24.7.i386.rpm     MD5: 35c155c635ae9eec0157ab300535377c
 
IA-64:
enscript-1.6.1-24.7.ia64.rpm     MD5: 3d46d9b286b2fccf867a0bbd1d206742
 
x86_64:
enscript-1.6.1-24.7.x86_64.rpm     MD5: b949f3f34015b74275734e3c87445627
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
enscript-1.6.1-33.el4_7.1.src.rpm     MD5: ab7fd2db080509dee48b90bc6eb3ab4c
 
IA-32:
enscript-1.6.1-33.el4_7.1.i386.rpm     MD5: 8531565d88f846c1faef1d76d29fa34e
 
IA-64:
enscript-1.6.1-33.el4_7.1.ia64.rpm     MD5: b455c7348abaec210b62d07c433dd0c6
 
x86_64:
enscript-1.6.1-33.el4_7.1.x86_64.rpm     MD5: af82d5302bdc2a80524ca48915765520
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
enscript-1.6.1-16.7.src.rpm     MD5: aee672acc119f3ef222ecfcbdfe69f24
 
IA-64:
enscript-1.6.1-16.7.ia64.rpm     MD5: 5ea3546a06422870be01ecaf0a8cae00
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

466771 - CVE-2008-3863 enscript: "setfilename" special escape buffer overflow
469311 - CVE-2008-4306 enscript: "font" special escape buffer overflows
473958 - CVE-2008-5078 enscript: "epsf" special escape buffer overflows


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/