United States : 
Unknown Browser
www.ltdw.net 
Articles Sécurité Mandriva Security [Security Announce] [ MDVSA-2008:243 ] enscript
Articles Sécurité Mandriva Security [Security Announce] [ MDVSA-2008:243 ] enscript
| [Security Announce] [ MDVSA-2008:243 ] enscript |
 |
 |
 |
(0 Votes)| Écrit par Administrator |
| Mardi, 16 Décembre 2008 10:50 |
|
_______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:243 http://www.mandriva.com/security/ _______________________________________________________________________ Package : enscript Date : December 15, 2008 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0 _______________________________________________________________________ Problem Description: Two buffer overflow vulnerabilities were discovered in GNU enscript, which could allow an attacker to execute arbitrary commands via a specially crafted ASCII file, if the file were opened with the -e or --escapes option enabled (CVE-2008-3863, CVE-2008-4306). The updated packages have been patched to prevent these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4306 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 3e6a1e5e1fbb01056290779845a373b9 2008.0/i586/enscript-1.6.4-8.1mdv2008.0.i586.rpm b21fd35a6615db96a1e43251039cbf41 2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 79799132f835055cb1248827c7b20b1e 2008.0/x86_64/enscript-1.6.4-8.1mdv2008.0.x86_64.rpm b21fd35a6615db96a1e43251039cbf41 2008.0/SRPMS/enscript-1.6.4-8.1mdv2008.0.src.rpm Mandriva Linux 2008.1: f756b4d3f93f90f8464f097eafd8c8fe 2008.1/i586/enscript-1.6.4-8.1mdv2008.1.i586.rpm 1a9997a113cf48cf6bc5cfd13e5229a1 2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: ec5e16911668d5d426938e804c8ee213 2008.1/x86_64/enscript-1.6.4-8.1mdv2008.1.x86_64.rpm 1a9997a113cf48cf6bc5cfd13e5229a1 2008.1/SRPMS/enscript-1.6.4-8.1mdv2008.1.src.rpm Mandriva Linux 2009.0: 32c32ad7ce630cbf2822aecdc1bd43ec 2009.0/i586/enscript-1.6.4-8.1mdv2009.0.i586.rpm def3dc106c558ccf211db5937b7c0e99 2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 9ec59f8cf2ee2754d3e5ce3ff8852d05 2009.0/x86_64/enscript-1.6.4-8.1mdv2009.0.x86_64.rpm def3dc106c558ccf211db5937b7c0e99 2009.0/SRPMS/enscript-1.6.4-8.1mdv2009.0.src.rpm Corporate 3.0: c8d92ad1383eae7e3eb43af72f0e673a corporate/3.0/i586/enscript-1.6.4-1.2.C30mdk.i586.rpm 194eb371d6966552a1c945e01d649057 corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm Corporate 3.0/X86_64: afc5739e65128feced597669f7a68f3d corporate/3.0/x86_64/enscript-1.6.4-1.2.C30mdk.x86_64.rpm 194eb371d6966552a1c945e01d649057 corporate/3.0/SRPMS/enscript-1.6.4-1.2.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ 
|
