Advisories:rPSA-2006-0083

From rPath Wiki

rPath Security Advisory 2006-0083-1

Published: 2006-05-26

Products

• rPath Linux 1

Rating

Minor

Exposure Level Classification

Local Deterministic Weakness

Updated Versions

• enscript=conary.rpath.com@rpl:1/1.6.1-8.2-1

rPath Issue Tracking System

• RPL-387

References

• CVE-2004-1186
• CVE-2004-1185
• CVE-2004-1184

Description

Previous versions of the enscript package have weaknesses that

may enable vulnerabilities in other applications; in particular,

some print filters may call enscript while allowing the user to

provide arbitrary filenames or options.

The print filters in rPath Linux do not expose these weaknesses

in enscript, and rPath is not aware of any other uses of enscript

in rPath Linux that would create actual vulnerabilities based on

these weaknesses in enscript.

Copyright 2006 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html