===========================================================
Ubuntu Security Notice USN-660-1          November 03, 2008
enscript vulnerability
CVE-2008-3863, CVE-2008-4306
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  enscript                        1.6.4-7ubuntu0.2

Ubuntu 7.10:
  enscript                        1.6.4-11ubuntu0.2

Ubuntu 8.04 LTS:
  enscript                        1.6.4-12ubuntu0.8.04.1

Ubuntu 8.10:
  enscript                        1.6.4-12ubuntu0.8.10.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Ulf Härnhammar discovered multiple stack overflows in enscript's handling of
special escape arguments.  If a user or automated system were tricked into
processing a malicious file with the "-e" option enabled, a remote attacker
could execute arbitrary code or cause enscript to crash, possibly leading
to a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-7ubuntu0.2.diff.gz
      Size/MD5:    21257 099ec23f341d2d17283bde9b36942ab6
    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-7ubuntu0.2.dsc
      Size/MD5:      674 432f64fe62d7d29e13872525726cb032
    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4.orig.tar.gz
      Size/MD5:  1036734 b5174b59e4a050fb462af5dbf28ebba3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-7ubuntu0.2_amd64.deb
      Size/MD5:   423482 636c62e47e3e73b9389b47bfcc8c6647

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-7ubuntu0.2_i386.deb
      Size/MD5:   405530 41f6c81e90905043fa9018d8f4e30457

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-7ubuntu0.2_powerpc.deb
      Size/MD5:   419126 6c80126f37f4800f0507329dd6bb0aa3

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-7ubuntu0.2_sparc.deb
      Size/MD5:   411222 47084632ebb468a3d13f52dcee9dd977

Updated packages for Ubuntu 7.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-11ubuntu0.2.diff.gz
      Size/MD5:    91026 c788b4b331ad7ddd6a2743ae27f725a4
    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-11ubuntu0.2.dsc
      Size/MD5:      767 084a84daf7f8b47f2ac3bf3debb995ea
    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4.orig.tar.gz
      Size/MD5:  1036734 b5174b59e4a050fb462af5dbf28ebba3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-11ubuntu0.2_amd64.deb
      Size/MD5:   425468 5f020fcebfffb46ed32cc6ae50939972

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-11ubuntu0.2_i386.deb
      Size/MD5:   411500 3f7ebb92b6a87efce2ec18ad2cbed2d3

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/e/enscript/enscript_1.6.4-11ubuntu0.2_lpia.deb
      Size/MD5:   414372 3630143c4898a99a48a13bd5899f003c

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-11ubuntu0.2_powerpc.deb
      Size/MD5:   424744 bbd80756d675ae285b7bfec9992fbc55

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-11ubuntu0.2_sparc.deb
      Size/MD5:   415382 f665b649a786296363e17fd6f560bb0f

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.04.1.diff.gz
      Size/MD5:    93119 62c2bd2cef254af68bd2fa0c7d1d36f3
    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.04.1.dsc
      Size/MD5:      774 7cb02960688d0e9fb17f30bc7932577e
    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4.orig.tar.gz
      Size/MD5:  1036734 b5174b59e4a050fb462af5dbf28ebba3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.04.1_amd64.deb
      Size/MD5:   425882 56b5c201eba9f4ccba832d9de0277b6a

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.04.1_i386.deb
      Size/MD5:   412426 7e5bd9e9ed8d8a69e01f112ace8bf9d8

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.04.1_lpia.deb
      Size/MD5:   414800 6c3584e7ca1dc88917d3f24298cbd78b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.04.1_powerpc.deb
      Size/MD5:   426356 c9efe8d867bdcf618857c2eb6a140d6b

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.04.1_sparc.deb
      Size/MD5:   415802 0d13cb614bbaefb045515c3ac223c5a6

Updated packages for Ubuntu 8.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.10.1.diff.gz
      Size/MD5:    93116 0338194240bae030e8150e47ac40208d
    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.10.1.dsc
      Size/MD5:     1188 ac3234ebd2b48790ac95d4d1baae83e8
    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4.orig.tar.gz
      Size/MD5:  1036734 b5174b59e4a050fb462af5dbf28ebba3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.10.1_amd64.deb
      Size/MD5:   428584 64a869b979b5d62ff169b68e322ae43f

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.10.1_i386.deb
      Size/MD5:   415574 25eb8ba34f468dd58a6ddf607d54e434

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.10.1_lpia.deb
      Size/MD5:   416772 9ec0d324ce07b50261acc2896618a46f

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.10.1_powerpc.deb
      Size/MD5:   426934 5aa206fa2bee1d271672ce6041e8616b

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/e/enscript/enscript_1.6.4-12ubuntu0.8.10.1_sparc.deb
      Size/MD5:   418004 97edf96856ff530d88075b3076cc037e

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to