______________________________________________________________________ Mandrake Linux Security Update Advisory ______________________________________________________________________ Package name: enscript Advisory ID: MDKSA-2002:010 Date: January 28th, 2002 Affected versions: 7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1 ______________________________________________________________________ Problem Description: The enscript program does not create temporary files in a secure fashion and as such could be abused if enscript is run as root. ______________________________________________________________________ References: ______________________________________________________________________ Updated Packages: Linux-Mandrake 7.1: 3eab8fe4d7d2cd23b97536221e0fcfbf 7.1/RPMS/enscript-1.6.1-22.1mdk.i586.rpm 4648f17f6a409047f2adbcddb8c0ed35 7.1/SRPMS/enscript-1.6.1-22.1mdk.src.rpm Linux-Mandrake 7.2: 497f83cde928d165173bc11b50de2cce 7.2/RPMS/enscript-1.6.1-22.1mdk.i586.rpm 4648f17f6a409047f2adbcddb8c0ed35 7.2/SRPMS/enscript-1.6.1-22.1mdk.src.rpm Mandrake Linux 8.0: 92600d81e8d2cde3bfee4512c0986a51 8.0/RPMS/enscript-1.6.1-22.1mdk.i586.rpm 4648f17f6a409047f2adbcddb8c0ed35 8.0/SRPMS/enscript-1.6.1-22.1mdk.src.rpm Mandrake Linux 8.0/ppc: 4e4a79ca2ba540e633bd09a8f3b2a8a2 ppc/8.0/RPMS/enscript-1.6.1-22.1mdk.ppc.rpm 4648f17f6a409047f2adbcddb8c0ed35 ppc/8.0/SRPMS/enscript-1.6.1-22.1mdk.src.rpm Mandrake Linux 8.1: f30e305cd6b7050ab2088098a4ac0997 8.1/RPMS/enscript-1.6.1-22.1mdk.i586.rpm 4648f17f6a409047f2adbcddb8c0ed35 8.1/SRPMS/enscript-1.6.1-22.1mdk.src.rpm Mandrake Linux 8.1/ia64: c787d13882ce88db37c26766406ce158 ia64/8.1/RPMS/enscript-1.6.1-22.1mdk.ia64.rpm 4648f17f6a409047f2adbcddb8c0ed35 ia64/8.1/SRPMS/enscript-1.6.1-22.1mdk.src.rpm Corporate Server 1.0.1: 3eab8fe4d7d2cd23b97536221e0fcfbf 1.0.1/RPMS/enscript-1.6.1-22.1mdk.i586.rpm 4648f17f6a409047f2adbcddb8c0ed35 1.0.1/SRPMS/enscript-1.6.1-22.1mdk.src.rpm ______________________________________________________________________ Bug IDs fixed (see https://qa.mandrakesoft.com for more information): ______________________________________________________________________ To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from: