User: Password:
|
|
Subscribe / Log in / New account

rPath alert rPSA-2006-0083-1 (enscript)

From:  "Justin M. Forbes" <jmforbes@rpath.com>
To:  security-announce@lists.rpath.com, update-announce@lists.rpath.com
Subject:  rPSA-2006-0083-1 enscript
Date:  Fri, 26 May 2006 15:44:01 -0400
Cc:  full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net

rPath Security Advisory: 2006-0083-1 Published: 2006-05-26 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Local Deterministic Weakness Updated Versions: enscript=/conary.rpath.com@rpl:devel//1/1.6.1-8.2-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://bugs.rpath.com/show_bug.cgi?id=1169 Description: Previous versions of the enscript package have weaknesses that may enable vulnerabilities in other applications; in particular, some print filters may call enscript while allowing the user to provide arbitrary filenames or options. The print filters in rPath Linux do not expose these weaknesses in enscript, and rPath is not aware of any other uses of enscript in rPath Linux that would create actual vulnerabilities based on these weaknesses in enscript.


(Log in to post comments)


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds