LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 15th, 2014
Linux Security Week: September 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated evolution packages fix vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A flaw in Evolution/evolution-data-server was found in how Evolution would process certain IMAP server messages. If a user were tricked into connecting to a malicious IMAP server, it was possible that arbitrary code could be executed with the privileges of the user using Evolution. Updated packages have been patched to prevent this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:136
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : evolution
 Date    : June 26, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw in Evolution/evolution-data-server was found in how Evolution
 would process certain IMAP server messages.  If a user were tricked
 into connecting to a malicious IMAP server, it was possible that
 arbitrary code could be executed with the privileges of the user
 using Evolution.
 
 Updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3257
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 799e691205941d34e11212a2dd725b96  2007.0/i586/evolution-data-server-1.8.0-1.2mdv2007.0.i586.rpm
 359d17957bbc1ea601e1a7c0a499efe0  2007.0/i586/libcamel-provider8-1.8.0-1.2mdv2007.0.i586.rpm
 dd3425b15ec030ddce4dff882a6952c0  2007.0/i586/libcamel0-1.8.0-1.2mdv2007.0.i586.rpm
 0ad00b6e4a1e93c78f384421d9b22c8d  2007.0/i586/libebook9-1.8.0-1.2mdv2007.0.i586.rpm
 44b4eb8bfcd9d624a1d5cfe61c991e02  2007.0/i586/libecal7-1.8.0-1.2mdv2007.0.i586.rpm
 4bfd7929b5ffa706da0c7e5e46e83d97  2007.0/i586/libedata-book2-1.8.0-1.2mdv2007.0.i586.rpm
 248f9836a436eab6daa471e195bbe5ce  2007.0/i586/libedata-cal6-1.8.0-1.2mdv2007.0.i586.rpm
 f17a6a657e092a75f2804a85457e52d5  2007.0/i586/libedataserver7-1.8.0-1.2mdv2007.0.i586.rpm
 0d78965f7da85e523a84ec40f95b704d  2007.0/i586/libedataserver7-devel-1.8.0-1.2mdv2007.0.i586.rpm
 efcd149f1c7da7bd89ea6a3f51bacbb2  2007.0/i586/libedataserverui8-1.8.0-1.2mdv2007.0.i586.rpm
 0846f5cc63c946b69a272205bdce3caa  2007.0/i586/libegroupwise12-1.8.0-1.2mdv2007.0.i586.rpm
 b197d44154201fb378826b28cbfdf115  2007.0/i586/libexchange-storage2-1.8.0-1.2mdv2007.0.i586.rpm 
 1fc3527d6b6a3a051d69bf70b7746f91  2007.0/SRPMS/evolution-data-server-1.8.0-1.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 26167ab6a892608d67e65f59e07e35c2  2007.0/x86_64/evolution-data-server-1.8.0-1.2mdv2007.0.x86_64.rpm
 bc4691affaf66027935d7d552994dbc1  2007.0/x86_64/lib64camel-provider8-1.8.0-1.2mdv2007.0.x86_64.rpm
 e0878613cb6ddb022f90745cb2e0d0c0  2007.0/x86_64/lib64camel0-1.8.0-1.2mdv2007.0.x86_64.rpm
 45abfa63361051aae3e63242100d3d9d  2007.0/x86_64/lib64ebook9-1.8.0-1.2mdv2007.0.x86_64.rpm
 fde297dc794fbe600c0b3bd2ffd7896c  2007.0/x86_64/lib64ecal7-1.8.0-1.2mdv2007.0.x86_64.rpm
 43818f4e26cb915f1ea58fcdae042657  2007.0/x86_64/lib64edata-book2-1.8.0-1.2mdv2007.0.x86_64.rpm
 82110ff5609e07333260015f57d1a380  2007.0/x86_64/lib64edata-cal6-1.8.0-1.2mdv2007.0.x86_64.rpm
 13e78437f13443111053650addeab87d  2007.0/x86_64/lib64edataserver7-1.8.0-1.2mdv2007.0.x86_64.rpm
 70c86b4bdf9b78d491168b96a565c31f  2007.0/x86_64/lib64edataserver7-devel-1.8.0-1.2mdv2007.0.x86_64.rpm
 d76dd23c54f9891a9b893c89a3b689de  2007.0/x86_64/lib64edataserverui8-1.8.0-1.2mdv2007.0.x86_64.rpm
 8799b4f6e7fd6c730ac67972e2183679  2007.0/x86_64/lib64egroupwise12-1.8.0-1.2mdv2007.0.x86_64.rpm
 f21f35631ae2503bab03cc3907343afd  2007.0/x86_64/lib64exchange-storage2-1.8.0-1.2mdv2007.0.x86_64.rpm 
 1fc3527d6b6a3a051d69bf70b7746f91  2007.0/SRPMS/evolution-data-server-1.8.0-1.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 a4207dd3187898b293e95ec84d63c487  2007.1/i586/evolution-data-server-1.10.2-1.2mdv2007.1.i586.rpm
 919f041c2a434ae97afd33946916c7a6  2007.1/i586/libcamel-provider10-1.10.2-1.2mdv2007.1.i586.rpm
 28f6ff630b7bb567cd9b9a1de14fa637  2007.1/i586/libcamel10-1.10.2-1.2mdv2007.1.i586.rpm
 bd4aa0121ea9f55ee1bb3aab8c866d96  2007.1/i586/libebook9-1.10.2-1.2mdv2007.1.i586.rpm
 ecf4966d953f4acb20d21d5062acad6f  2007.1/i586/libecal7-1.10.2-1.2mdv2007.1.i586.rpm
 82536bfa75f7f7895f23b099aff7e23d  2007.1/i586/libedata-book2-1.10.2-1.2mdv2007.1.i586.rpm
 b7d5f2ee65b4b44cf984b54297d64832  2007.1/i586/libedata-cal6-1.10.2-1.2mdv2007.1.i586.rpm
 812f4dd037fdae47567055c9b8c07c50  2007.1/i586/libedataserver9-1.10.2-1.2mdv2007.1.i586.rpm
 374f4244573dc6a8362d3fb468af63d1  2007.1/i586/libedataserver9-devel-1.10.2-1.2mdv2007.1.i586.rpm
 d9613283f6a40684cc9d333200246d25  2007.1/i586/libedataserverui8-1.10.2-1.2mdv2007.1.i586.rpm
 01a09dc83c0a8e5a77d87f0d67e18bf1  2007.1/i586/libegroupwise13-1.10.2-1.2mdv2007.1.i586.rpm
 eb2ede90f3bccc8a89e8f29c0644f359  2007.1/i586/libexchange-storage3-1.10.2-1.2mdv2007.1.i586.rpm 
 f6ff5a6003fc0de4293f2369a0d06d13  2007.1/SRPMS/evolution-data-server-1.10.2-1.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 3740afc29aeeb037cac4d80ce44fd230  2007.1/x86_64/evolution-data-server-1.10.2-1.2mdv2007.1.x86_64.rpm
 425166ef5d33557d10eb4e5b7be99587  2007.1/x86_64/lib64camel-provider10-1.10.2-1.2mdv2007.1.x86_64.rpm
 62aade122b382312a315eed218862e92  2007.1/x86_64/lib64camel10-1.10.2-1.2mdv2007.1.x86_64.rpm
 cf8d76ba3bf345a3272b73cc7637cd90  2007.1/x86_64/lib64ebook9-1.10.2-1.2mdv2007.1.x86_64.rpm
 5543dc44e60b9d73cd76eab3437230bd  2007.1/x86_64/lib64ecal7-1.10.2-1.2mdv2007.1.x86_64.rpm
 66c3d851ddd5746598dc7f236a4dbdf5  2007.1/x86_64/lib64edata-book2-1.10.2-1.2mdv2007.1.x86_64.rpm
 e2071319ee9e9e29f8713f327aaac232  2007.1/x86_64/lib64edata-cal6-1.10.2-1.2mdv2007.1.x86_64.rpm
 ac51fd1ea8578ea158b5b3a11f20ae03  2007.1/x86_64/lib64edataserver9-1.10.2-1.2mdv2007.1.x86_64.rpm
 7985e720a298e3ce0b8458d605fd1541  2007.1/x86_64/lib64edataserver9-devel-1.10.2-1.2mdv2007.1.x86_64.rpm
 60005dbd569b4314419e99b52ec9e3cb  2007.1/x86_64/lib64edataserverui8-1.10.2-1.2mdv2007.1.x86_64.rpm
 1a2995cd1bda69b573c2627e5630e527  2007.1/x86_64/lib64egroupwise13-1.10.2-1.2mdv2007.1.x86_64.rpm
 31eeaad105aef861941dc1e835285f35  2007.1/x86_64/lib64exchange-storage3-1.10.2-1.2mdv2007.1.x86_64.rpm 
 f6ff5a6003fc0de4293f2369a0d06d13  2007.1/SRPMS/evolution-data-server-1.10.2-1.2mdv2007.1.src.rpm

 Corporate 3.0:
 917b1a1f9012a0fb25f413921b7be262  corporate/3.0/i586/evolution-1.4.6-5.4.C30mdk.i586.rpm
 a23d562eb1739f118dfae6edc5525894  corporate/3.0/i586/evolution-devel-1.4.6-5.4.C30mdk.i586.rpm
 cce52e9742c276b1dd4734942e6c0b91  corporate/3.0/i586/evolution-pilot-1.4.6-5.4.C30mdk.i586.rpm 
 d641bdb15569634a3256078d29ce4b4a  corporate/3.0/SRPMS/evolution-1.4.6-5.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 ff14aab488c8c6ba749207dc4fcb8f12  corporate/3.0/x86_64/evolution-1.4.6-5.4.C30mdk.x86_64.rpm
 cee82778952f48962fc9a59b5ae0598b  corporate/3.0/x86_64/evolution-devel-1.4.6-5.4.C30mdk.x86_64.rpm
 cd44a44a8d0887036ce70bab577ffb68  corporate/3.0/x86_64/evolution-pilot-1.4.6-5.4.C30mdk.x86_64.rpm 
 d641bdb15569634a3256078d29ce4b4a  corporate/3.0/SRPMS/evolution-1.4.6-5.4.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Today's Security Hacks Are After More Than Bank Info
How Boston Children's Hospital Hit Back at Anonymous
SNMP DDoS Scans Spoof Google Public DNS Server
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.