LinuxSecurity.com
Ubuntu: enscript vulnerability
Posted by Benjamin D. Thomas   
Ulf Härnhammar discovered multiple stack overflows in enscript's handling of special escape arguments. If a user or automated system were tricked into processing a malicious file with the "-e" option enabled, a remote attacker could execute arbitrary code or cause enscript to crash, possibly leading to a denial of service.
===========================================================
Ubuntu Security Notice USN-660-1          November 03, 2008
enscript vulnerability
CVE-2008-3863, CVE-2008-4306
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  enscript                        1.6.4-7ubuntu0.2

Ubuntu 7.10:
  enscript                        1.6.4-11ubuntu0.2

Ubuntu 8.04 LTS:
  enscript                        1.6.4-12ubuntu0.8.04.1

Ubuntu 8.10:
  enscript                        1.6.4-12ubuntu0.8.10.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Ulf Härnhammar discovered multiple stack overflows in enscript's handling of
special escape arguments.  If a user or automated system were tricked into
processing a malicious file with the "-e" option enabled, a remote attacker
could execute arbitrary code or cause enscript to crash, possibly leading
to a denial of service.

