GNU enscript converts ASCII files to PostScript.

Enscript has the ability to interpret special escape sequences. A flaw was
found in the handling of the epsf command used to insert inline EPS files
into a document. An attacker could create a carefully crafted ASCII file
which made use of the epsf pipe command in such a way that it could execute
arbitrary commands if the file was opened with enscript by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-1184 to this issue.

Additional flaws in Enscript were also discovered which can only be
triggered by executing enscript with carefully crafted command line
arguments. These flaws therefore only have a security impact if enscript
is executed by other programs and passed untrusted data from remote users.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-1185 and CAN-2004-1186 to these issues.

All users of enscript should upgrade to these updated packages, which
contain backported patches to correct these issues.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | any | ppc | enscript | < 1.6.1-28.3 | enscript-1.6.1-28.3.ppc.rpm |
RedHat | any | s390x | enscript | < 1.6.1-28.3 | enscript-1.6.1-28.3.s390x.rpm |
RedHat | any | s390 | enscript | < 1.6.1-28.3 | enscript-1.6.1-28.3.s390.rpm |
RedHat | any | i386 | enscript | < 1.6.1-28.3 | enscript-1.6.1-28.3.i386.rpm |
RedHat | any | x86_64 | enscript | < 1.6.1-28.3 | enscript-1.6.1-28.3.x86_64.rpm |
RedHat | any | src | enscript | < 1.6.1-28.3 | enscript-1.6.1-28.3.src.rpm |
RedHat | any | ia64 | enscript | < 1.6.1-28.3 | enscript-1.6.1-28.3.ia64.rpm |