From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200812-02.xml | 68 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 metadata/glsa/glsa-200812-02.xml (limited to 'metadata/glsa/glsa-200812-02.xml') diff --git a/metadata/glsa/glsa-200812-02.xml b/metadata/glsa/glsa-200812-02.xml new file mode 100644 index 000000000000..e833310ebce3 --- /dev/null +++ b/metadata/glsa/glsa-200812-02.xml @@ -0,0 +1,68 @@ + + + + enscript: User-assisted execution of arbitrary code + + Two buffer overflows in enscript might lead to the execution of arbitrary + code. + + enscript + 2008-12-02 + 2008-12-02: 02 + 243228 + remote + + + 1.6.4-r4 + 1.6.4-r4 + + + +

+ enscript is a powerful ASCII to PostScript file converter. +

+
+ +

+ Two stack-based buffer overflows in the read_special_escape() function + in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research + discovered a vulnerability related to the "setfilename" command + (CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability + related to the "font" escape sequence (CVE-2008-4306). +

+
+ +

+ An attacker could entice a user or automated system to process + specially crafted input with the special escapes processing enabled + using the "-e" option, possibly resulting in the execution of arbitrary + code. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All enscript users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/enscript-1.6.4-r4" +
+ + CVE-2008-3863 + CVE-2008-4306 + + + rbu + + + rbu + + + rbu + +
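Review bot: The workaround text ("There is no known workaround at this time.") does not line up with the impact text, which says the overflows in read_special_escape() are reached when input is processed with special escapes enabled using the "-e" option. If leaving out "-e" for untrusted input keeps that code path from being reached, state it in the workaround section as an interim mitigation until ">=app-text/enscript-1.6.4-r4" is installed; if it does not, add a sentence saying why. Since the impact text also names automated systems, it would help to tell administrators to check scripts and print filters that call enscript with "-e".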
-- cgit v1.2.3