rPath alert rPSA-2006-0083-1 (enscript)
From: | "Justin M. Forbes" <jmforbes@rpath.com> | |
To: | security-announce@lists.rpath.com, update-announce@lists.rpath.com | |
Subject: | rPSA-2006-0083-1 enscript | |
Date: | Fri, 26 May 2006 15:44:01 -0400 | |
Cc: | full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net |
rPath Security Advisory: 2006-0083-1 Published: 2006-05-26 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Local Deterministic Weakness Updated Versions: enscript=/conary.rpath.com@rpl:devel//1/1.6.1-8.2-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://bugs.rpath.com/show_bug.cgi?id=1169 Description: Previous versions of the enscript package have weaknesses that may enable vulnerabilities in other applications; in particular, some print filters may call enscript while allowing the user to provide arbitrary filenames or options. The print filters in rPath Linux do not expose these weaknesses in enscript, and rPath is not aware of any other uses of enscript in rPath Linux that would create actual vulnerabilities based on these weaknesses in enscript.