RedHatRHSA-2005:039(RHSA-2005:039) enscript security update
0.023 Low
EPSS
Percentile
89.8%
GNU enscript converts ASCII files to PostScript.
Enscript has the ability to interpret special escape sequences. A flaw was
found in the handling of the epsf command used to insert inline EPS files
into a document. An attacker could create a carefully crafted ASCII file
which made use of the epsf pipe command in such a way that it could execute
arbitrary commands if the file was opened with enscript by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-1184 to this issue.
Additional flaws in Enscript were also discovered which can only be
triggered by executing enscript with carefully crafted command line
arguments. These flaws therefore only have a security impact if enscript
is executed by other programs and passed untrusted data from remote users.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-1185 and CAN-2004-1186 to these issues.
All users of enscript should upgrade to these updated packages, which
resolve these issues.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | ia64 | enscript | < 1.6.1-16.5 | enscript-1.6.1-16.5.ia64.rpm |
| RedHat | any | i386 | enscript | < 1.6.1-16.5 | enscript-1.6.1-16.5.i386.rpm |
| RedHat | any | x86_64 | enscript | < 1.6.1-24.4 | enscript-1.6.1-24.4.x86_64.rpm |
| RedHat | any | s390 | enscript | < 1.6.1-24.4 | enscript-1.6.1-24.4.s390.rpm |
| RedHat | any | ppc | enscript | < 1.6.1-24.4 | enscript-1.6.1-24.4.ppc.rpm |
| RedHat | any | ia64 | enscript | < 1.6.1-24.4 | enscript-1.6.1-24.4.ia64.rpm |
| RedHat | any | s390x | enscript | < 1.6.1-24.4 | enscript-1.6.1-24.4.s390x.rpm |
| RedHat | any | i386 | enscript | < 1.6.1-24.4 | enscript-1.6.1-24.4.i386.rpm |
Related
