LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: December 22nd, 2014
Linux Advisory Watch: December 19th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Evolution vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Ulf Harnhammar of Secunia Research discovered that Evolution did not correctly handle format strings when displaying shared memos. If a remote attacker tricked a user into viewing a specially crafted shared memo, they could execute arbitrary code with user privileges.
=========================================================== 
Ubuntu Security Notice USN-442-1             March 26, 2007
evolution vulnerability
CVE-2007-1002
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  evolution                                2.6.1-0ubuntu7.1

Ubuntu 6.10:
  evolution                                2.8.1-0ubuntu4.1

After a standard system upgrade you need to restart Evolution or reboot 
your computer to effect the necessary changes.

Details follow:

Ulf Harnhammar of Secunia Research discovered that Evolution did not 
correctly handle format strings when displaying shared memos.  If a 
remote attacker tricked a user into viewing a specially crafted shared 
memo, they could execute arbitrary code with user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1-0ubuntu7.1.diff.gz
      Size/MD5:   203008 2ae07aca07876171488a3742fcf6cd7d
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1-0ubuntu7.1.dsc
      Size/MD5:     1402 70ff6cd8aba5ce24c06b89322023992f
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1.orig.tar.gz
      Size/MD5: 17037346 e2ba35f5eaa324d0eb552c1c87405042

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.6.1-0ubuntu7.1_amd64.deb
      Size/MD5:  6577972 498a48802494560e62697f9d1fc7f9ce
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.6.1-0ubuntu7.1_amd64.deb
      Size/MD5:   216282 e62eb68d84fc250692bbb2f306543f5e
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.6.1-0ubuntu7.1_amd64.deb
      Size/MD5:   332896 dae270dbfc6e066649d6582b47026a03
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1-0ubuntu7.1_amd64.deb
      Size/MD5:  4955414 23d03c1b299f17cc35deeff387072b2c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.6.1-0ubuntu7.1_i386.deb
      Size/MD5:  5741630 0f8ff4369f8532fda8ddf0e51cd520d0
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.6.1-0ubuntu7.1_i386.deb
      Size/MD5:   216300 1dea6eedc89ab62b30d305bae64cf280
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.6.1-0ubuntu7.1_i386.deb
      Size/MD5:   304794 537374fa643646397e4f190cf04c9a4f
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1-0ubuntu7.1_i386.deb
      Size/MD5:  4696350 9a02afe119a2780003a153244fbfa6d8

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.6.1-0ubuntu7.1_powerpc.deb
      Size/MD5:  6512980 e13fc8bbc5d316072bdfc29dec731356
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.6.1-0ubuntu7.1_powerpc.deb
      Size/MD5:   216290 7a5b51f4d6242034010f228307f20cb1
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.6.1-0ubuntu7.1_powerpc.deb
      Size/MD5:   348122 bfa4413a04e17d2253f151707650848f
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1-0ubuntu7.1_powerpc.deb
      Size/MD5:  4838568 24d0aa33e501a30354785c1fdc60a91b

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.6.1-0ubuntu7.1_sparc.deb
      Size/MD5:  5824986 77f688641c4d4391196aae225c101ddf
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.6.1-0ubuntu7.1_sparc.deb
      Size/MD5:   216314 7b7aa826df864586fd3081afe8e34dd3
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.6.1-0ubuntu7.1_sparc.deb
      Size/MD5:   304758 1ea9ddcd94a5d2e096105832801e382a
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1-0ubuntu7.1_sparc.deb
      Size/MD5:  4781704 8b845a4b4cdc0c9bb98e6036698d4d18

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1-0ubuntu4.1.diff.gz
      Size/MD5:   362367 369d47c1902a4eded5b638c786ab222c
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1-0ubuntu4.1.dsc
      Size/MD5:     1373 da428269e616e6f21d63266a0447424f
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1.orig.tar.gz
      Size/MD5: 17782443 0ce38f1ae7992e00eec3414e62cb3a59

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.8.1-0ubuntu4.1_amd64.deb
      Size/MD5:  6569246 4cd8e2a6ee3c2b00253804d65ce2417e
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.8.1-0ubuntu4.1_amd64.deb
      Size/MD5:   212314 43d020bb87ec8f9d00952d9f17f76cd3
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.8.1-0ubuntu4.1_amd64.deb
      Size/MD5:   124000 95d482c09e7140b76afa9c8ae788fe39
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1-0ubuntu4.1_amd64.deb
      Size/MD5:  5341080 53a444b95c4275bf8e338251033aea4c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.8.1-0ubuntu4.1_i386.deb
      Size/MD5:  6183514 debcc0562af15abf0049619b231a3851
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.8.1-0ubuntu4.1_i386.deb
      Size/MD5:   212326 833c45b1ac595d8b9c1fe0133f775f6f
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.8.1-0ubuntu4.1_i386.deb
      Size/MD5:   119026 f53322b9df228674cc5b5d5ec3b581a8
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1-0ubuntu4.1_i386.deb
      Size/MD5:  5143056 3ad68c9a9a546379e4d37da97ea737e1

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.8.1-0ubuntu4.1_powerpc.deb
      Size/MD5:  6567094 0de2ecf5ac22debc34e62d4318bc1860
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.8.1-0ubuntu4.1_powerpc.deb
      Size/MD5:   212318 f2dcdcfcc4b2f157d258213a1ca6328e
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.8.1-0ubuntu4.1_powerpc.deb
      Size/MD5:   132218 cba1dff0546242060d83b58d03311d3e
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1-0ubuntu4.1_powerpc.deb
      Size/MD5:  5242672 00e64b862a130607586770ee2329619f

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2.8.1-0ubuntu4.1_sparc.deb
      Size/MD5:  6084110 51e9855eb0669f30bf0d8c197901659f
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2.8.1-0ubuntu4.1_sparc.deb
      Size/MD5:   212320 68b6ce59b82753e10b4f481552970b77
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugins_2.8.1-0ubuntu4.1_sparc.deb
      Size/MD5:   117242 cc20e0c7057bd6ef2ec2d84ef31b6c7e
    http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1-0ubuntu4.1_sparc.deb
      Size/MD5:  5151890 494d1c41a154f4ceb2830dd6fcfbc721


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Report: U.S. planning “proportional response” to Sony hack, blamed on North Korea
Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.