Bug#: 243228
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Paweł Hajdan jr (ph) <phajdan.jr@gmail.com>
Description:   Opened: 2008-10-22 15:49 0000
====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in GNU Enscript, which 
can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the 
"read_special_escape()" function in src/psgen.c. This can be exploited
to cause a stack-based buffer overflow by tricking the user into 
converting a malicious file.

Successful exploitation allows execution of arbitrary code, but
requires that special escapes processing is enabled with the "-e" 
option.
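
An added illustration of the loop shape the advisory describes, written for this page and not taken from the enscript sources or from the SUSE/Red Hat patch: a small C model of a special-escape parser with the unbounded argument loop beside a bounded one. The escape syntax (introducer byte, name, brace-delimited argument), ESC_INTRO, ARG_MAX, the function names and both sample inputs are assumptions made for the example; only the hardened variant is ever given the over-long input.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of special-escape parsing written for this bug page; it
 * is NOT enscript's own read_special_escape(). Input follows the escape
 * syntax: an introducer byte, a name, then a "{argument}" block, e.g.
 * "\0font{Courier12}". Escape processing is assumed enabled (-e). */

#define ESC_INTRO '\0'  /* assumed introducer byte */
#define NAME_MAX  32
#define ARG_MAX   64    /* deliberately small so the bound is easy to reach */

struct escape { char name[NAME_MAX]; char arg[ARG_MAX]; };
struct input  { const unsigned char *data; size_t len, pos; }; /* stands in for the file */

static int in_getc(struct input *in)
{
    return in->pos < in->len ? in->data[in->pos++] : EOF;
}

/* The name loop is bounded in both variants; only the argument loop differs. */
static int read_name(struct input *in, char *name, size_t cap)
{
    size_t i; int ch = EOF;
    for (i = 0; i + 1 < cap && (ch = in_getc(in)) != EOF && ch != '{'; i++)
        name[i] = (char)ch;
    name[i] = '\0';
    return ch == '{' ? 0 : -1;
}

/* VULNERABLE shape: the argument loop stops only at '}' or EOF and never
 * compares i with sizeof arg, so an over-long argument runs off the end of a
 * stack buffer. Kept for comparison only and fed nothing but short input. */
static int parse_escape_unchecked(struct input *in, struct escape *out)
{
    char arg[ARG_MAX]; size_t i; int ch = EOF;
    if (read_name(in, out->name, sizeof out->name) != 0) return -1;
    for (i = 0; (ch = in_getc(in)) != EOF && ch != '}'; i++)
        arg[i] = (char)ch;                      /* no bound on i */
    arg[i] = '\0';
    if (ch != '}') return -1;
    memcpy(out->arg, arg, i + 1);
    return 0;
}

/* HARDENED: refuse the escape as soon as the argument would not fit. */
static int parse_escape_checked(struct input *in, struct escape *out)
{
    char arg[ARG_MAX]; size_t i; int ch = EOF;
    if (read_name(in, out->name, sizeof out->name) != 0) return -1;
    for (i = 0; (ch = in_getc(in)) != EOF && ch != '}'; i++) {
        if (i + 1 >= sizeof arg) return -2;     /* too long: reject, don't truncate */
        arg[i] = (char)ch;
    }
    arg[i] = '\0';
    if (ch != '}') return -1;
    memcpy(out->arg, arg, i + 1);
    return 0;
}

/* Scan for the first introducer and parse the escape that follows it. */
static int find_and_parse(const unsigned char *data, size_t len,
        int (*parse)(struct input *, struct escape *), struct escape *out)
{
    struct input in = { data, len, 0 };
    int ch;
    while ((ch = in_getc(&in)) != EOF)
        if (ch == ESC_INTRO) return parse(&in, out);
    return 1;                                   /* no escape in the input */
}

/* Constructed sample: ordinary text containing one well-formed escape. */
static const unsigned char BENIGN[] = "text\0font{Courier12}more";

/* 0 only if the chosen parser accepts BENIGN and yields the expected fields;
 * otherwise the parser's error code, or -9 on a field mismatch. */
int demo_benign(int use_checked)
{
    struct escape e;
    int rc = find_and_parse(BENIGN, sizeof BENIGN - 1,
            use_checked ? parse_escape_checked : parse_escape_unchecked, &e);
    if (rc != 0) return rc;
    return (strcmp(e.name, "font") == 0 && strcmp(e.arg, "Courier12") == 0) ? 0 : -9;
}

/* Constructed hostile sample: an "epsf" escape with a 300-byte argument, far
 * beyond ARG_MAX. The checked parser returns -2 instead of overflowing. */
int demo_oversized_checked(void)
{
    unsigned char buf[320]; struct escape e; size_t n = 0;
    buf[n++] = ESC_INTRO;
    memcpy(buf + n, "epsf{", 5); n += 5;
    memset(buf + n, 'A', 300);   n += 300;
    buf[n++] = '}';
    return find_and_parse(buf, n, parse_escape_checked, &e);
}

int main(void)
{
    printf("benign/checked=%d benign/unchecked=%d oversized/checked=%d\n",
           demo_benign(1), demo_benign(0), demo_oversized_checked());
    return 0;
}
```

Compile with cc -Wall and run. The unchecked variant exists only to show the missing comparison and must never be handed an argument longer than ARG_MAX-1 bytes. The bounded loop rejects rather than truncates, so a malformed escape is not processed with a silently altered argument, and the caller can tell it apart from a valid one.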

------- Comment #1 From Christian Hoffmann 2008-10-22 16:36:47 0000 -------
Setting whiteboard.

Upstream (in $URL) looks rather dead; our most recent in-tree version (1.6.4)
isn't even on their FTP, but it's here:
http://www.codento.com/people/mtr/genscript/ (which does not look too active
either).

Maybe we can borrow patches from other distributions.

------- Comment #2 From Christian Hoffmann 2008-10-22 16:40:39 0000 -------
Not sure about B2, could also be B1 as enscript can be used in trac for parsing
user-supplied data, if I remember correctly.

------- Comment #3 From Robert Buchholz 2008-11-07 13:41:19 0000 -------
Let's go with the SUSE+RedHat patch:
https://bugzilla.redhat.com/attachment.cgi?id=322032
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3863

printing, please apply and bump.

------- Comment #4 From Timo Gurr 2008-11-07 16:46:49 0000 -------
Applied and revbumped, enscript-1.6.4-r4 in the tree. I've also borrowed
another Fedora patch to repair emake install.

------- Comment #5 From Christian Hoffmann 2008-11-07 16:51:37 0000 -------
Arches, please test and mark stable
  =app-text/enscript-1.6.4-r4

Target keywords: alpha amd64 hppa ia64 ppc ppc64 sparc x86

------- Comment #6 From Ferris McCormick 2008-11-07 18:13:38 0000 -------
Sparc stable, working fine for me.

------- Comment #7 From Markus Meier 2008-11-08 12:53:46 0000 -------
amd64/x86 stable

------- Comment #8 From Raúl Porcel 2008-11-08 16:59:57 0000 -------
alpha/ia64 stable

------- Comment #9 From Jeroen Roovers 2008-11-08 17:01:34 0000 -------
Stable for HPPA.

------- Comment #10 From Markus Rothe 2008-11-12 18:06:18 0000 -------
ppc64 stable

------- Comment #11 From Tobias Scherbaum 2008-11-15 18:44:35 0000 -------
ppc stable

------- Comment #12 From Robert Buchholz 2008-12-02 17:28:37 0000 -------
GLSA 200812-02
