
Security Advisory: Evolution security update

Advisory: RHSA-2005:267-10
Type: Security Advisory
Severity: Important
Issued on: 2005-08-29
Last updated on: 2005-08-29
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-2549
CVE-2005-2550

Details

Updated evolution packages that fix a format string issue are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Evolution is the GNOME collection of personal information management (PIM)
tools.

A format string bug was found in Evolution. If a user tries to save a
carefully crafted meeting or appointment, arbitrary code may be executed as
the user running Evolution. The Common Vulnerabilities and Exposures
project has assigned the name CAN-2005-2550 to this issue.

Additionally, several other format string bugs were found in Evolution. If
a user views a malicious vCard, connects to a malicious LDAP server, or
displays a task list from a malicious remote server, arbitrary code may be
executed as the user running Evolution. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2005-2549 to this issue. Please
note that this issue only affects Red Hat Enterprise Linux 4.

All users of Evolution should upgrade to these updated packages, which
contain a backported patch that resolves this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/
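
A way to confirm after updating that a host carries the fixed evolution build, as an added example that is not part of the original advisory or Red Hat's tooling. The fixed version-release strings are taken from the package list below; the function names are hypothetical, and the comparison assumes equal epochs and does not handle tilde or caret versions.

```python
import re
import subprocess

# Fixed version-release per RHEL major version, copied from the advisory's package list.
FIXED = {"3": "1.4.5-16", "4": "2.0.2-16.3"}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version (or release) strings with RPM's segment rules.

    Returns -1, 0 or 1. Tilde and caret ordering is not implemented.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def is_patched(installed, rhel_major):
    """True if the installed 'version-release' is at or above the advisory's fix."""
    inst_ver, inst_rel = installed.split("-")
    fix_ver, fix_rel = FIXED[rhel_major].split("-")
    return (rpmvercmp(inst_ver, fix_ver) or rpmvercmp(inst_rel, fix_rel)) >= 0


def installed_evolution():
    """Ask the local RPM database for evolution's version-release, or None."""
    proc = subprocess.run(
        ["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}\n", "evolution"],
        capture_output=True, text=True,
    )
    # Multilib hosts print one line per installed architecture; take the first.
    return proc.stdout.splitlines()[0] if proc.returncode == 0 else None


if __name__ == "__main__":
    # Constructed sample inputs; on a real host pass installed_evolution() instead.
    for vr, major in [("2.0.2-16", "4"), ("2.0.2-16.3", "4"), ("1.4.5-9", "3")]:
        print(major, vr, "patched" if is_patched(vr, major) else "VULNERABLE")
```
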

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
evolution-1.4.5-16.src.rpm
File outdated by:  RHSA-2009:0358
    MD5: 64de9c454f1985ac261404de29171459
 
IA-32:
evolution-1.4.5-16.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: b6ab1aee94253b982a327828d201ab90
evolution-devel-1.4.5-16.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 72e961d8fafbd83ed5f354a1f066f308
 
x86_64:
evolution-1.4.5-16.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: ee6f495c0204f84f7d2ed4e96cbca4dd
evolution-devel-1.4.5-16.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: acba6d9167cedfec8b52f7acb0ce5773
 
Red Hat Desktop (v. 4)

SRPMS:
evolution-2.0.2-16.3.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 38e6363d976371f9c506e85d85964f80
 
IA-32:
evolution-2.0.2-16.3.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: ebebd06e957857c33718dbeae32fe191
evolution-devel-2.0.2-16.3.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 4a5434ff49d485307516b7074be33452
 
x86_64:
evolution-2.0.2-16.3.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: ec340d42ffdcb8de1d8ec844868f92b7
evolution-devel-2.0.2-16.3.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 55df9a9c087385075c1acc9864349d7c
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
evolution-1.4.5-16.src.rpm
File outdated by:  RHSA-2009:0358
    MD5: 64de9c454f1985ac261404de29171459
 
IA-32:
evolution-1.4.5-16.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: b6ab1aee94253b982a327828d201ab90
evolution-devel-1.4.5-16.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 72e961d8fafbd83ed5f354a1f066f308
 
IA-64:
evolution-1.4.5-16.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 0afe128ad8d995daf7e52d1f718ac3fa
evolution-devel-1.4.5-16.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 841a301e4f8f0b7fdf9254278d2a0d01
 
PPC:
evolution-1.4.5-16.ppc.rpm
File outdated by:  RHSA-2009:0358
    MD5: 45ccb2ad1cad38000bdf9735d89740cd
evolution-devel-1.4.5-16.ppc.rpm
File outdated by:  RHSA-2009:0358
    MD5: 471dbd100230ec85140667ab4afe4f9a
 
s390:
evolution-1.4.5-16.s390.rpm
File outdated by:  RHSA-2009:0358
    MD5: f21d2bbe58e1d4bc10451d3b66d477df
evolution-devel-1.4.5-16.s390.rpm
File outdated by:  RHSA-2009:0358
    MD5: c1f9135edee72d450f822da6b70517c1
 
s390x:
evolution-1.4.5-16.s390x.rpm
File outdated by:  RHSA-2009:0358
    MD5: e4845774c8ae63f2c754ee18bbfb08dd
evolution-devel-1.4.5-16.s390x.rpm
File outdated by:  RHSA-2009:0358
    MD5: 144becdb2a59b78e2510cac31968a4e1
 
x86_64:
evolution-1.4.5-16.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: ee6f495c0204f84f7d2ed4e96cbca4dd
evolution-devel-1.4.5-16.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: acba6d9167cedfec8b52f7acb0ce5773
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
evolution-2.0.2-16.3.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 38e6363d976371f9c506e85d85964f80
 
IA-32:
evolution-2.0.2-16.3.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: ebebd06e957857c33718dbeae32fe191
evolution-devel-2.0.2-16.3.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 4a5434ff49d485307516b7074be33452
 
IA-64:
evolution-2.0.2-16.3.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 0c5f0fa243d7344c7c08e53fa9cf567c
evolution-devel-2.0.2-16.3.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: c6436a6670f2e95d57553a4be64727dd
 
PPC:
evolution-2.0.2-16.3.ppc.rpm
File outdated by:  RHSA-2009:0355
    MD5: fa014dc0973f2c0e6e9e53eada2870a9
evolution-devel-2.0.2-16.3.ppc.rpm
File outdated by:  RHSA-2009:0355
    MD5: eaca77794ce77f996dcb0edc2be28efa
 
s390:
evolution-2.0.2-16.3.s390.rpm
File outdated by:  RHSA-2009:0355
    MD5: 3aead415dfd8b2bd14cc365fbc2c72a5
evolution-devel-2.0.2-16.3.s390.rpm
File outdated by:  RHSA-2009:0355
    MD5: c2f76dc40fc4cabf40684b334ff61f3d
 
s390x:
evolution-2.0.2-16.3.s390x.rpm
File outdated by:  RHSA-2009:0355
    MD5: cd24f2f5e1b30c7e316e9de46c113270
evolution-devel-2.0.2-16.3.s390x.rpm
File outdated by:  RHSA-2009:0355
    MD5: 44e56bc1727578db18e4fddc06c62a97
 
x86_64:
evolution-2.0.2-16.3.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: ec340d42ffdcb8de1d8ec844868f92b7
evolution-devel-2.0.2-16.3.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 55df9a9c087385075c1acc9864349d7c
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
evolution-1.4.5-16.src.rpm
File outdated by:  RHSA-2009:0358
    MD5: 64de9c454f1985ac261404de29171459
 
IA-32:
evolution-1.4.5-16.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: b6ab1aee94253b982a327828d201ab90
evolution-devel-1.4.5-16.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 72e961d8fafbd83ed5f354a1f066f308
 
IA-64:
evolution-1.4.5-16.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 0afe128ad8d995daf7e52d1f718ac3fa
evolution-devel-1.4.5-16.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 841a301e4f8f0b7fdf9254278d2a0d01
 
x86_64:
evolution-1.4.5-16.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: ee6f495c0204f84f7d2ed4e96cbca4dd
evolution-devel-1.4.5-16.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: acba6d9167cedfec8b52f7acb0ce5773
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
evolution-2.0.2-16.3.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 38e6363d976371f9c506e85d85964f80
 
IA-32:
evolution-2.0.2-16.3.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: ebebd06e957857c33718dbeae32fe191
evolution-devel-2.0.2-16.3.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 4a5434ff49d485307516b7074be33452
 
IA-64:
evolution-2.0.2-16.3.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 0c5f0fa243d7344c7c08e53fa9cf567c
evolution-devel-2.0.2-16.3.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: c6436a6670f2e95d57553a4be64727dd
 
x86_64:
evolution-2.0.2-16.3.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: ec340d42ffdcb8de1d8ec844868f92b7
evolution-devel-2.0.2-16.3.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 55df9a9c087385075c1acc9864349d7c
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
evolution-1.4.5-16.src.rpm
File outdated by:  RHSA-2009:0358
    MD5: 64de9c454f1985ac261404de29171459
 
IA-32:
evolution-1.4.5-16.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: b6ab1aee94253b982a327828d201ab90
evolution-devel-1.4.5-16.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 72e961d8fafbd83ed5f354a1f066f308
 
IA-64:
evolution-1.4.5-16.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 0afe128ad8d995daf7e52d1f718ac3fa
evolution-devel-1.4.5-16.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 841a301e4f8f0b7fdf9254278d2a0d01
 
x86_64:
evolution-1.4.5-16.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: ee6f495c0204f84f7d2ed4e96cbca4dd
evolution-devel-1.4.5-16.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: acba6d9167cedfec8b52f7acb0ce5773
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
evolution-2.0.2-16.3.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 38e6363d976371f9c506e85d85964f80
 
IA-32:
evolution-2.0.2-16.3.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: ebebd06e957857c33718dbeae32fe191
evolution-devel-2.0.2-16.3.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 4a5434ff49d485307516b7074be33452
 
IA-64:
evolution-2.0.2-16.3.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 0c5f0fa243d7344c7c08e53fa9cf567c
evolution-devel-2.0.2-16.3.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: c6436a6670f2e95d57553a4be64727dd
 
x86_64:
evolution-2.0.2-16.3.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: ec340d42ffdcb8de1d8ec844868f92b7
evolution-devel-2.0.2-16.3.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 55df9a9c087385075c1acc9864349d7c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

165235 - CAN-2005-2549 Sitic Vulnerability Advisory: SA05-001 Evolution multiple remote format string bugs (RHEL4) (CAN-2005-2550)
165236 - CAN-2005-2550 Sitic Vulnerability Advisory: SA05-001 Evolution multiple remote format string bugs (RHEL3)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/