USN-660-1: enscript vulnerability

===========================================================
Ubuntu Security Notice USN-660-1          November 03, 2008
enscript vulnerability
CVE-2008-3863, CVE-2008-4306
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  enscript                        1.6.4-7ubuntu0.2

Ubuntu 7.10:
  enscript                        1.6.4-11ubuntu0.2

Ubuntu 8.04 LTS:
  enscript                        1.6.4-12ubuntu0.8.04.1

Ubuntu 8.10:
  enscript                        1.6.4-12ubuntu0.8.10.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Ulf Härnhammar discovered multiple stack overflows in enscript's
handling of special escape arguments. If a user or automated system
were tricked into processing a malicious file with the "-e" option
enabled, a remote attacker could execute arbitrary code or cause
enscript to crash, possibly leading to a denial of service.
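
One way to confirm that a host carries the fixed package from this notice, as an added example that is not part of the original advisory. The function names, the status strings and the `--local` switch are assumptions made for illustration; the version strings are the ones the notice lists.

```sh
#!/bin/sh
# Added example: classify an enscript package version against USN-660-1.

# Fixed version for each affected release, copied from the advisory.
fixed_version() {
    case "$1" in
        6.06) echo "1.6.4-7ubuntu0.2" ;;
        7.10) echo "1.6.4-11ubuntu0.2" ;;
        8.04) echo "1.6.4-12ubuntu0.8.04.1" ;;
        8.10) echo "1.6.4-12ubuntu0.8.10.1" ;;
        *) return 1 ;;
    esac
}

# version_ge A B: succeeds when version A is at least version B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Assumption: without dpkg, GNU "sort -V" is a close enough ordering.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# enscript_status RELEASE INSTALLED_VERSION
# Prints one of: fixed, vulnerable, not-installed, not-covered.
enscript_status() {
    fixed=$(fixed_version "$1") || { echo "not-covered"; return 0; }
    if [ -z "$2" ]; then
        echo "not-installed"
    elif version_ge "$2" "$fixed"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# check_local: report on the host the script runs on.
check_local() {
    release=$(lsb_release -rs 2>/dev/null) || release=""
    installed=$(dpkg-query -W -f='${Version}' enscript 2>/dev/null) || installed=""
    echo "Ubuntu ${release:-?} enscript ${installed:-absent}: $(enscript_status "$release" "$installed")"
}

if [ "${1:-}" = "--local" ]; then
    check_local
fi
```

Run with `--local` on an Ubuntu host to check the installed package; `enscript_status` can also be fed release and version pairs collected from an inventory. A result of `not-covered` means the release is not one of the four this notice lists.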