Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: Evolution vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Ulf Harnhammar discovered that Evolution did not correctly handle format strings when processing encrypted emails. A remote attacker could exploit this by sending a specially crafted email, resulting in arbitrary code execution.
Ubuntu Security Notice USN-583-1             March 05, 2008
evolution vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  evolution                       2.6.1-0ubuntu7.2

Ubuntu 6.10:
  evolution                       2.8.1-0ubuntu4.2

Ubuntu 7.04:
  evolution                       2.10.1-0ubuntu2.1

Ubuntu 7.10:
  evolution                       2.12.1-0ubuntu1.1

After a standard system upgrade you need to restart Evolution to effect
the necessary changes.

Details follow:

Ulf Harnhammar discovered that Evolution did not correctly handle format
strings when processing encrypted emails.  A remote attacker could exploit
this by sending a specially crafted email, resulting in arbitrary code

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:   203646 3015e8026cd5a91df8cb673c5fc39d40
      Size/MD5:     1402 0a32038fe5e071cb4c12935acf639c02
      Size/MD5: 17037346 e2ba35f5eaa324d0eb552c1c87405042

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  6578230 ef179b357cb7b454ae8393a366021314
      Size/MD5:   216368 2d6ed392b174e90f21163fcc2163996c
      Size/MD5:   333036 9583853b8fc369d9e991f20d25a92d53
      Size/MD5:  4956256 897c8ff77d8826f2e3c66219c093a7e2

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  5741688 8d351e2a18ffa7de3009dd954b140f61
      Size/MD5:   216404 c75bba76d46736190548a063af944501
      Size/MD5:   304890 3fa8a69f8fbaffed47da761c0a7ce554
      Size/MD5:  4696720 155764faf320f37775cec333b9860a0d

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  6513184 d710da9eb147e08928020cee44565b18
      Size/MD5:   216408 48c0b9b3bd11332e796a3bba406ad990
      Size/MD5:   348230 8b3f5779fd665287f97f91ed68974571
      Size/MD5:  4838748 e94f9f1cb37ad60da4e7a9ba71607edb

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  5824958 a1e84f2d584e46c40885b83498bf44a3
      Size/MD5:   216442 431edde18d17dcea720845998d07beb8
      Size/MD5:   304852 6b5b4d337f54af40bd98a57315da5b5b
      Size/MD5:  4781836 6868fc03608119df8aa837556756be84

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:   362867 c15866200e4d0b7e0e78895cf8e6fbc0
      Size/MD5:     1373 f78da23f7ff3d726376659333ed21dee
      Size/MD5: 17782443 0ce38f1ae7992e00eec3414e62cb3a59

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  6569214 c98c86c7f54f44f904b6b2f46db06d8d
      Size/MD5:   212428 a5f0b0647e9caa73e0da8024801754eb
      Size/MD5:   124114 cd31ef1f61924092dce2ea3b59d30d56
      Size/MD5:  5341254 073a1cb3846675a84ee03cf150d32733

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  6183708 68f4f445ea20a62fab5939c4efa0add5
      Size/MD5:   212484 83e502706ad5f53ccbeba4234d98064e
      Size/MD5:   119126 d064848f9f685b148b3c0ceda43fb52a
      Size/MD5:  5143158 acca4640a33498e41f0e6f4461271672

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  6567194 8aed4b3cdf709f34fcc60b5067bcf4dd
      Size/MD5:   212446 00462788cb67e75cac1e2687c20e6ffc
      Size/MD5:   132302 9650f4d2f13a3fd573ed8a39ea05f802
      Size/MD5:  5242744 68d3c8fcef84a0b9d5f23e37b57cdc4a

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  6084210 3aa6eb0c11ad1d02b19f482b1d2ea554
      Size/MD5:   212440 f024f02f296d8f7e3ca78c2c4ca0560e
      Size/MD5:   117344 f0182a162e3f9086ad569c7af0eab6fb
      Size/MD5:  5152234 531bcc5955ab7244661c6c89df540669

Updated packages for Ubuntu 7.04:

  Source archives:
      Size/MD5:   210525 bbf6602b7424c10413186f474b000a44
      Size/MD5:     2018 40f16cda1b6747a92097590ea38d361b
      Size/MD5: 20875752 43db33a2608916fbbecbb794b7de0924

  Architecture independent packages:
      Size/MD5: 19353724 c5d08b1384dd44641160b871ee2fe103

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  6713478 112289645affd984a37285f58ebe897e
      Size/MD5:   216464 d9c7862e8bcb8ff36c04a8d7df1747dc
      Size/MD5:   136364 9acdc7d7aef9203752040e7d7e5e66c8
      Size/MD5:  2735950 250c738aa9d279a963edd7e05f70b82e
      Size/MD5:    97482 80934a6ad6a87f6d9d83a854852a8fc8

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  6308966 66e5b0c67e627fd4522b31b69ea7412c
      Size/MD5:   216470 46ce1c31dacf33ce573e34907c29fc52
      Size/MD5:   130052 c4c34cbb1f3ba84a6f860bda37d2438b
      Size/MD5:  2538582 8c10f0f7e2436f90b97c944626af7358
      Size/MD5:    95458 96dbd649345ccf28d136ddad0bc37abd

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  6706266 b9494ad95c9d8f745c07a4b03cab1968
      Size/MD5:   216502 e52c30e799d45d9d3bf91ed126450fe7
      Size/MD5:   154936 6a73224d57197990599c5d142a93f683
      Size/MD5:  2872602 51453f79dddd31e5de608c8dec4c9048
      Size/MD5:   104428 1db598c653e13553032051bc798bb5cb

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  6216208 da4de3678bd78b3c9937f2f85836704d
      Size/MD5:   216490 f9da62d91cd684225be9c5c2b14331fd
      Size/MD5:   128202 4264e009fe03d3aab9ba1841314ce513
      Size/MD5:  2552070 0cdcedf7d8716d3633158a2fc2add910
      Size/MD5:    94894 d338c0e9446143d2abccf48caf3a3f99

Updated packages for Ubuntu 7.10:

  Source archives:
      Size/MD5:    48036 1305c81cab45e86f185787558f14cad2
      Size/MD5:     2086 d693e3bfcd22c01552b2e46af2ef3a61
      Size/MD5: 31711081 48e74dcff2636e0e66dca303a91c9b93

  Architecture independent packages:
      Size/MD5: 11054864 cb8be3e829748afe1b1752b6d02abe6c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  6649232 d3dca779a3027a3e14a8c706dd3f5f30
      Size/MD5:   143376 55e0d93294f69687d3b03cf99bb92e32
      Size/MD5:    78222 041216f9e71e37f8bdbcb7d590774a98
      Size/MD5:  2732316 e8f4df81d2e1ee6114e7191dfffe884a
      Size/MD5:    18712 45681ea24febcdf441670619ff89e15f

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  6274290 ba9442d1736383e90a0dde247d6e119c
      Size/MD5:   143350 42b646fe4c3e8339e0d512b541e428fb
      Size/MD5:    68532 d0e1317e7ffc6e6171d20e4e7d14a2c2
      Size/MD5:  2520532 130647d772e4f13327aee570770f2c16
      Size/MD5:    17066 ffe88bb399261addf7d6206290ff8815

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  6657670 b8b653c41b564656a4e9ef5d3882f349
      Size/MD5:   143360 f55a0cbbd5cdbbf787046fdef8c81c34
      Size/MD5:    98806 54d900d851b2d3a0cbf860b04887738f
      Size/MD5:  2866636 a62c9fbbfe8fc8be3775d0927b0d7ed0
      Size/MD5:    24232 e80987ecc42fcd7751aa254ea074c2a6

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  6166402 589524dfb5fe8beff850740e3941dcf1
      Size/MD5:   143368 4b1014bc231eca798e9878f3d7d3d102
      Size/MD5:    67160 8dc1187380fb7e8e1096bea2fa070de2
      Size/MD5:  2539100 e7745a59c031ddd134cd7125de79bd9a
      Size/MD5:    16452 0c3fe63f5f1b911e80e71a609b8b1b61

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.6 (GNU/Linux)



--==============!46729149751763242=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

ubuntu-security-announce mailing list
Modify settings or unsubscribe at:

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.