drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in evolution
Name: |
Pufferüberlauf in evolution |
|
ID: |
RHSA-2008:0177-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux |
|
Datum: |
Mi, 5. März 2008, 11:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0072 |
|
Applikationen: |
Evolution |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: evolution security update Advisory ID: RHSA-2008:0177-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0177.html Issue date: 2008-03-05 CVE Names: CVE-2008-0072 =====================================================================
1. Summary:
Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
3. Description:
Evolution is the GNOME collection of personal information management (PIM) tools.
A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072)
All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue.
Red Hat would like to thank Ulf HÀrnhammar of Secunia Research for finding and reporting this issue.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188
5. Bugs fixed (http://bugzilla.redhat.com/):
435759 - CVE-2008-0072 Evolution format string flaw
6. Package List:
Red Hat Enterprise Linux AS version 4:
Source: evolution-2.0.2-35.0.4.el4_6.1.src.rpm evolution28-2.8.0-53.el4_6.2.src.rpm
i386: evolution-2.0.2-35.0.4.el4_6.1.i386.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.i386.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.i386.rpm evolution28-2.8.0-53.el4_6.2.i386.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.i386.rpm evolution28-devel-2.8.0-53.el4_6.2.i386.rpm
ia64: evolution-2.0.2-35.0.4.el4_6.1.ia64.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.ia64.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.ia64.rpm evolution28-2.8.0-53.el4_6.2.ia64.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.ia64.rpm evolution28-devel-2.8.0-53.el4_6.2.ia64.rpm
ppc: evolution-2.0.2-35.0.4.el4_6.1.ppc.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.ppc.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.ppc.rpm evolution28-2.8.0-53.el4_6.2.ppc.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.ppc.rpm evolution28-devel-2.8.0-53.el4_6.2.ppc.rpm
s390: evolution-2.0.2-35.0.4.el4_6.1.s390.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.s390.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.s390.rpm evolution28-2.8.0-53.el4_6.2.s390.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.s390.rpm evolution28-devel-2.8.0-53.el4_6.2.s390.rpm
s390x: evolution-2.0.2-35.0.4.el4_6.1.s390x.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.s390x.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.s390x.rpm evolution28-2.8.0-53.el4_6.2.s390x.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.s390x.rpm evolution28-devel-2.8.0-53.el4_6.2.s390x.rpm
x86_64: evolution-2.0.2-35.0.4.el4_6.1.x86_64.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.x86_64.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.x86_64.rpm evolution28-2.8.0-53.el4_6.2.x86_64.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.x86_64.rpm evolution28-devel-2.8.0-53.el4_6.2.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
Source: evolution-2.0.2-35.0.4.el4_6.1.src.rpm evolution28-2.8.0-53.el4_6.2.src.rpm
i386: evolution-2.0.2-35.0.4.el4_6.1.i386.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.i386.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.i386.rpm evolution28-2.8.0-53.el4_6.2.i386.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.i386.rpm evolution28-devel-2.8.0-53.el4_6.2.i386.rpm
x86_64: evolution-2.0.2-35.0.4.el4_6.1.x86_64.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.x86_64.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.x86_64.rpm evolution28-2.8.0-53.el4_6.2.x86_64.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.x86_64.rpm evolution28-devel-2.8.0-53.el4_6.2.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
Source: evolution-2.0.2-35.0.4.el4_6.1.src.rpm evolution28-2.8.0-53.el4_6.2.src.rpm
i386: evolution-2.0.2-35.0.4.el4_6.1.i386.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.i386.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.i386.rpm evolution28-2.8.0-53.el4_6.2.i386.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.i386.rpm evolution28-devel-2.8.0-53.el4_6.2.i386.rpm
ia64: evolution-2.0.2-35.0.4.el4_6.1.ia64.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.ia64.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.ia64.rpm evolution28-2.8.0-53.el4_6.2.ia64.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.ia64.rpm evolution28-devel-2.8.0-53.el4_6.2.ia64.rpm
x86_64: evolution-2.0.2-35.0.4.el4_6.1.x86_64.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.x86_64.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.x86_64.rpm evolution28-2.8.0-53.el4_6.2.x86_64.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.x86_64.rpm evolution28-devel-2.8.0-53.el4_6.2.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
Source: evolution-2.0.2-35.0.4.el4_6.1.src.rpm evolution28-2.8.0-53.el4_6.2.src.rpm
i386: evolution-2.0.2-35.0.4.el4_6.1.i386.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.i386.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.i386.rpm evolution28-2.8.0-53.el4_6.2.i386.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.i386.rpm evolution28-devel-2.8.0-53.el4_6.2.i386.rpm
ia64: evolution-2.0.2-35.0.4.el4_6.1.ia64.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.ia64.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.ia64.rpm evolution28-2.8.0-53.el4_6.2.ia64.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.ia64.rpm evolution28-devel-2.8.0-53.el4_6.2.ia64.rpm
x86_64: evolution-2.0.2-35.0.4.el4_6.1.x86_64.rpm evolution-debuginfo-2.0.2-35.0.4.el4_6.1.x86_64.rpm evolution-devel-2.0.2-35.0.4.el4_6.1.x86_64.rpm evolution28-2.8.0-53.el4_6.2.x86_64.rpm evolution28-debuginfo-2.8.0-53.el4_6.2.x86_64.rpm evolution28-devel-2.8.0-53.el4_6.2.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: evolution-2.8.0-40.el5_1.1.src.rpm
i386: evolution-2.8.0-40.el5_1.1.i386.rpm evolution-debuginfo-2.8.0-40.el5_1.1.i386.rpm
x86_64: evolution-2.8.0-40.el5_1.1.i386.rpm evolution-2.8.0-40.el5_1.1.x86_64.rpm evolution-debuginfo-2.8.0-40.el5_1.1.i386.rpm evolution-debuginfo-2.8.0-40.el5_1.1.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source: evolution-2.8.0-40.el5_1.1.src.rpm
i386: evolution-debuginfo-2.8.0-40.el5_1.1.i386.rpm evolution-devel-2.8.0-40.el5_1.1.i386.rpm
x86_64: evolution-debuginfo-2.8.0-40.el5_1.1.i386.rpm evolution-debuginfo-2.8.0-40.el5_1.1.x86_64.rpm evolution-devel-2.8.0-40.el5_1.1.i386.rpm evolution-devel-2.8.0-40.el5_1.1.x86_64.rpm
RHEL Optional Productivity Applications (v. 5 server):
Source: evolution-2.8.0-40.el5_1.1.src.rpm
i386: evolution-2.8.0-40.el5_1.1.i386.rpm evolution-debuginfo-2.8.0-40.el5_1.1.i386.rpm evolution-devel-2.8.0-40.el5_1.1.i386.rpm
x86_64: evolution-2.8.0-40.el5_1.1.i386.rpm evolution-2.8.0-40.el5_1.1.x86_64.rpm evolution-debuginfo-2.8.0-40.el5_1.1.i386.rpm evolution-debuginfo-2.8.0-40.el5_1.1.x86_64.rpm evolution-devel-2.8.0-40.el5_1.1.i386.rpm evolution-devel-2.8.0-40.el5_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0072 http://www.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFHznl5XlSAg2UNWIIRAjnvAJ4uM/wBpVQHyAiuKiF6ba6QULUSCwCgnHMH iI/+/Ms3IhsvWQWb252HGKI= =ZmDZ -----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
|
|