Bug 469311 (CVE-2008-4306)
Summary: | CVE-2008-4306 enscript: "font" special escape buffer overflows | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> | ||||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||||
Severity: | medium | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | unspecified | CC: | atkac, kreilly | ||||||||
Target Milestone: | --- | Keywords: | Security | ||||||||
Target Release: | --- | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2008-12-19 17:39:39 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Bug Depends On: | 473089, 473090, 473091, 473093, 473094, 473095, 833895 | ||||||||||
Bug Blocks: | |||||||||||
Attachments: |
|
Description
Tomas Hoger
2008-10-31 08:59:42 UTC
Created attachment 322030 [details]
Proposed patch from Kees Cook (Ubuntu)
Created attachment 322031 [details]
Escape array indexing typo
While testing this, another minor typo was discovered in the escapes array indexing in the error code path. This can result in enscript crash (oob read), but does not seem to have any security implications.
Created attachment 322032 [details] Alternate patch proposed by Werner Fink (SuSE) For both CVE-2008-3863 and CVE-2008-4306. enscript-1.6.4-9.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. enscript-1.6.4-10.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-1016.html http://rhn.redhat.com/errata/RHSA-2008-1021.html Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-9351 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-9372 |