Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in evolution
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in evolution
ID: MDKSA-2007:136
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva 2007.0, Mandriva 2007.1
Datum: Mi, 27. Juni 2007, 01:58
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3257
Applikationen: Evolution

Originalnachricht

This is a multi-part message in MIME format...

------------=_1182902324-8862-9505


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:136
http://www.mandriva.com/security/
_______________________________________________________________________

Package : evolution
Date : June 26, 2007
Affected: 2007.0, 2007.1, Corporate 3.0
_______________________________________________________________________

Problem Description:

A flaw in Evolution/evolution-data-server was found in how Evolution
would process certain IMAP server messages. If a user were tricked
into connecting to a malicious IMAP server, it was possible that
arbitrary code could be executed with the privileges of the user
using Evolution.

Updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3257
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
799e691205941d34e11212a2dd725b96
2007.0/i586/evolution-data-server-1.8.0-1.2mdv2007.0.i586.rpm
359d17957bbc1ea601e1a7c0a499efe0
2007.0/i586/libcamel-provider8-1.8.0-1.2mdv2007.0.i586.rpm
dd3425b15ec030ddce4dff882a6952c0
2007.0/i586/libcamel0-1.8.0-1.2mdv2007.0.i586.rpm
0ad00b6e4a1e93c78f384421d9b22c8d
2007.0/i586/libebook9-1.8.0-1.2mdv2007.0.i586.rpm
44b4eb8bfcd9d624a1d5cfe61c991e02
2007.0/i586/libecal7-1.8.0-1.2mdv2007.0.i586.rpm
4bfd7929b5ffa706da0c7e5e46e83d97
2007.0/i586/libedata-book2-1.8.0-1.2mdv2007.0.i586.rpm
248f9836a436eab6daa471e195bbe5ce
2007.0/i586/libedata-cal6-1.8.0-1.2mdv2007.0.i586.rpm
f17a6a657e092a75f2804a85457e52d5
2007.0/i586/libedataserver7-1.8.0-1.2mdv2007.0.i586.rpm
0d78965f7da85e523a84ec40f95b704d
2007.0/i586/libedataserver7-devel-1.8.0-1.2mdv2007.0.i586.rpm
efcd149f1c7da7bd89ea6a3f51bacbb2
2007.0/i586/libedataserverui8-1.8.0-1.2mdv2007.0.i586.rpm
0846f5cc63c946b69a272205bdce3caa
2007.0/i586/libegroupwise12-1.8.0-1.2mdv2007.0.i586.rpm
b197d44154201fb378826b28cbfdf115
2007.0/i586/libexchange-storage2-1.8.0-1.2mdv2007.0.i586.rpm
1fc3527d6b6a3a051d69bf70b7746f91
2007.0/SRPMS/evolution-data-server-1.8.0-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
26167ab6a892608d67e65f59e07e35c2
2007.0/x86_64/evolution-data-server-1.8.0-1.2mdv2007.0.x86_64.rpm
bc4691affaf66027935d7d552994dbc1
2007.0/x86_64/lib64camel-provider8-1.8.0-1.2mdv2007.0.x86_64.rpm
e0878613cb6ddb022f90745cb2e0d0c0
2007.0/x86_64/lib64camel0-1.8.0-1.2mdv2007.0.x86_64.rpm
45abfa63361051aae3e63242100d3d9d
2007.0/x86_64/lib64ebook9-1.8.0-1.2mdv2007.0.x86_64.rpm
fde297dc794fbe600c0b3bd2ffd7896c
2007.0/x86_64/lib64ecal7-1.8.0-1.2mdv2007.0.x86_64.rpm
43818f4e26cb915f1ea58fcdae042657
2007.0/x86_64/lib64edata-book2-1.8.0-1.2mdv2007.0.x86_64.rpm
82110ff5609e07333260015f57d1a380
2007.0/x86_64/lib64edata-cal6-1.8.0-1.2mdv2007.0.x86_64.rpm
13e78437f13443111053650addeab87d
2007.0/x86_64/lib64edataserver7-1.8.0-1.2mdv2007.0.x86_64.rpm
70c86b4bdf9b78d491168b96a565c31f
2007.0/x86_64/lib64edataserver7-devel-1.8.0-1.2mdv2007.0.x86_64.rpm
d76dd23c54f9891a9b893c89a3b689de
2007.0/x86_64/lib64edataserverui8-1.8.0-1.2mdv2007.0.x86_64.rpm
8799b4f6e7fd6c730ac67972e2183679
2007.0/x86_64/lib64egroupwise12-1.8.0-1.2mdv2007.0.x86_64.rpm
f21f35631ae2503bab03cc3907343afd
2007.0/x86_64/lib64exchange-storage2-1.8.0-1.2mdv2007.0.x86_64.rpm
1fc3527d6b6a3a051d69bf70b7746f91
2007.0/SRPMS/evolution-data-server-1.8.0-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.1:
a4207dd3187898b293e95ec84d63c487
2007.1/i586/evolution-data-server-1.10.2-1.2mdv2007.1.i586.rpm
919f041c2a434ae97afd33946916c7a6
2007.1/i586/libcamel-provider10-1.10.2-1.2mdv2007.1.i586.rpm
28f6ff630b7bb567cd9b9a1de14fa637
2007.1/i586/libcamel10-1.10.2-1.2mdv2007.1.i586.rpm
bd4aa0121ea9f55ee1bb3aab8c866d96
2007.1/i586/libebook9-1.10.2-1.2mdv2007.1.i586.rpm
ecf4966d953f4acb20d21d5062acad6f
2007.1/i586/libecal7-1.10.2-1.2mdv2007.1.i586.rpm
82536bfa75f7f7895f23b099aff7e23d
2007.1/i586/libedata-book2-1.10.2-1.2mdv2007.1.i586.rpm
b7d5f2ee65b4b44cf984b54297d64832
2007.1/i586/libedata-cal6-1.10.2-1.2mdv2007.1.i586.rpm
812f4dd037fdae47567055c9b8c07c50
2007.1/i586/libedataserver9-1.10.2-1.2mdv2007.1.i586.rpm
374f4244573dc6a8362d3fb468af63d1
2007.1/i586/libedataserver9-devel-1.10.2-1.2mdv2007.1.i586.rpm
d9613283f6a40684cc9d333200246d25
2007.1/i586/libedataserverui8-1.10.2-1.2mdv2007.1.i586.rpm
01a09dc83c0a8e5a77d87f0d67e18bf1
2007.1/i586/libegroupwise13-1.10.2-1.2mdv2007.1.i586.rpm
eb2ede90f3bccc8a89e8f29c0644f359
2007.1/i586/libexchange-storage3-1.10.2-1.2mdv2007.1.i586.rpm
f6ff5a6003fc0de4293f2369a0d06d13
2007.1/SRPMS/evolution-data-server-1.10.2-1.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
3740afc29aeeb037cac4d80ce44fd230
2007.1/x86_64/evolution-data-server-1.10.2-1.2mdv2007.1.x86_64.rpm
425166ef5d33557d10eb4e5b7be99587
2007.1/x86_64/lib64camel-provider10-1.10.2-1.2mdv2007.1.x86_64.rpm
62aade122b382312a315eed218862e92
2007.1/x86_64/lib64camel10-1.10.2-1.2mdv2007.1.x86_64.rpm
cf8d76ba3bf345a3272b73cc7637cd90
2007.1/x86_64/lib64ebook9-1.10.2-1.2mdv2007.1.x86_64.rpm
5543dc44e60b9d73cd76eab3437230bd
2007.1/x86_64/lib64ecal7-1.10.2-1.2mdv2007.1.x86_64.rpm
66c3d851ddd5746598dc7f236a4dbdf5
2007.1/x86_64/lib64edata-book2-1.10.2-1.2mdv2007.1.x86_64.rpm
e2071319ee9e9e29f8713f327aaac232
2007.1/x86_64/lib64edata-cal6-1.10.2-1.2mdv2007.1.x86_64.rpm
ac51fd1ea8578ea158b5b3a11f20ae03
2007.1/x86_64/lib64edataserver9-1.10.2-1.2mdv2007.1.x86_64.rpm
7985e720a298e3ce0b8458d605fd1541
2007.1/x86_64/lib64edataserver9-devel-1.10.2-1.2mdv2007.1.x86_64.rpm
60005dbd569b4314419e99b52ec9e3cb
2007.1/x86_64/lib64edataserverui8-1.10.2-1.2mdv2007.1.x86_64.rpm
1a2995cd1bda69b573c2627e5630e527
2007.1/x86_64/lib64egroupwise13-1.10.2-1.2mdv2007.1.x86_64.rpm
31eeaad105aef861941dc1e835285f35
2007.1/x86_64/lib64exchange-storage3-1.10.2-1.2mdv2007.1.x86_64.rpm
f6ff5a6003fc0de4293f2369a0d06d13
2007.1/SRPMS/evolution-data-server-1.10.2-1.2mdv2007.1.src.rpm

Corporate 3.0:
917b1a1f9012a0fb25f413921b7be262
corporate/3.0/i586/evolution-1.4.6-5.4.C30mdk.i586.rpm
a23d562eb1739f118dfae6edc5525894
corporate/3.0/i586/evolution-devel-1.4.6-5.4.C30mdk.i586.rpm
cce52e9742c276b1dd4734942e6c0b91
corporate/3.0/i586/evolution-pilot-1.4.6-5.4.C30mdk.i586.rpm
d641bdb15569634a3256078d29ce4b4a
corporate/3.0/SRPMS/evolution-1.4.6-5.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
ff14aab488c8c6ba749207dc4fcb8f12
corporate/3.0/x86_64/evolution-1.4.6-5.4.C30mdk.x86_64.rpm
cee82778952f48962fc9a59b5ae0598b
corporate/3.0/x86_64/evolution-devel-1.4.6-5.4.C30mdk.x86_64.rpm
cd44a44a8d0887036ce70bab577ffb68
corporate/3.0/x86_64/evolution-pilot-1.4.6-5.4.C30mdk.x86_64.rpm
d641bdb15569634a3256078d29ce4b4a
corporate/3.0/SRPMS/evolution-1.4.6-5.4.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGgWfPmqjQ0CJFipgRAq/PAJ9vBkCruXJsfrN1+Z8cYgakNjLWdwCg6FAx
WQshOpXBr/D1gAT+9Rvhga0=
=STMt
-----END PGP SIGNATURE-----


------------=_1182902324-8862-9505
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1182902324-8862-9505--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung