rPath Security Advisory: 2006-0083-1 Published: 2006-05-26 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Local Deterministic Weakness Updated Versions: enscript=/conary.rpath.com@rpl:devel//1/1.6.1-8.2-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1186 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1185 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1184 http://bugs.rpath.com/show_bug.cgi?id=1169 Description: Previous versions of the enscript package have weaknesses that may enable vulnerabilities in other applications; in particular, some print filters may call enscript while allowing the user to provide arbitrary filenames or options. The print filters in rPath Linux do not expose these weaknesses in enscript, and rPath is not aware of any other uses of enscript in rPath Linux that would create actual vulnerabilities based on these weaknesses in enscript.