Skip to navigation

Security Advisory Important: evolution security update

Advisory: RHSA-2007:0509-3
Type: Security Advisory
Severity: Important
Issued on: 2007-06-25
Last updated on: 2007-06-25
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2007-3257

Details

Updated evolution packages that fix a security bug are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Evolution is the GNOME collection of personal information management (PIM)
tools.

A flaw was found in the way Evolution processes certain IMAP server
messages. If a user can be tricked into connecting to a malicious IMAP
server it may be possible to execute arbitrary code as the user running
evolution. (CVE-2007-3257)

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
evolution-1.4.5-21.el3.src.rpm
File outdated by:  RHSA-2009:0358
    MD5: 133bd9d135d57401220e297b08592569
 
IA-32:
evolution-1.4.5-21.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 3240b18546211f6f7f90af564eabe6d3
evolution-devel-1.4.5-21.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 90c66dddee23c8629e4874ef83a0ab14
 
x86_64:
evolution-1.4.5-21.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 3a16c64f8ac5b98e58d86ac96cc5eca2
evolution-devel-1.4.5-21.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: e31aa94848a449ea7e60799674db7a66
 
Red Hat Desktop (v. 4)

SRPMS:
evolution-2.0.2-35.0.4.el4.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 945a46e6e090e5bfb6584e17b515b7e2
 
IA-32:
evolution-2.0.2-35.0.4.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 1b930f927b393b2f992ae5ade62d3724
evolution-devel-2.0.2-35.0.4.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 5feb9fc9723d675f6660f2e25696bc99
 
x86_64:
evolution-2.0.2-35.0.4.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: a2187062d34995855fd99486d99f0b28
evolution-devel-2.0.2-35.0.4.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: ab39bc6fa338cbd11bcb825ca9f8fed1
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
evolution-1.4.5-21.el3.src.rpm
File outdated by:  RHSA-2009:0358
    MD5: 133bd9d135d57401220e297b08592569
 
IA-32:
evolution-1.4.5-21.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 3240b18546211f6f7f90af564eabe6d3
evolution-devel-1.4.5-21.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 90c66dddee23c8629e4874ef83a0ab14
 
IA-64:
evolution-1.4.5-21.el3.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: c767af272bd2a224f9e9b79afbea5ad7
evolution-devel-1.4.5-21.el3.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 894c7c527477e52a71109aacd6639005
 
PPC:
evolution-1.4.5-21.el3.ppc.rpm
File outdated by:  RHSA-2009:0358
    MD5: e7330fb33f630dd899de414d910ea550
evolution-devel-1.4.5-21.el3.ppc.rpm
File outdated by:  RHSA-2009:0358
    MD5: a0c4ca379e5ce75fc55e5c4931049a90
 
s390:
evolution-1.4.5-21.el3.s390.rpm
File outdated by:  RHSA-2009:0358
    MD5: 834327a97e3f6699468518286799011e
evolution-devel-1.4.5-21.el3.s390.rpm
File outdated by:  RHSA-2009:0358
    MD5: d534dee6e2949e30d8e1a4fea92159fe
 
s390x:
evolution-1.4.5-21.el3.s390x.rpm
File outdated by:  RHSA-2009:0358
    MD5: 1c8e99284b340e125526410b986d78ff
evolution-devel-1.4.5-21.el3.s390x.rpm
File outdated by:  RHSA-2009:0358
    MD5: 142cdcac4a1f66c5a04322880222ec8c
 
x86_64:
evolution-1.4.5-21.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 3a16c64f8ac5b98e58d86ac96cc5eca2
evolution-devel-1.4.5-21.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: e31aa94848a449ea7e60799674db7a66
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
evolution-2.0.2-35.0.4.el4.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 945a46e6e090e5bfb6584e17b515b7e2
 
IA-32:
evolution-2.0.2-35.0.4.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 1b930f927b393b2f992ae5ade62d3724
evolution-devel-2.0.2-35.0.4.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 5feb9fc9723d675f6660f2e25696bc99
 
IA-64:
evolution-2.0.2-35.0.4.el4.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: c2bce752b834c8d701ae63ca35d254b1
evolution-devel-2.0.2-35.0.4.el4.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 41fa9eb1473f227160d85673af9a4a7a
 
PPC:
evolution-2.0.2-35.0.4.el4.ppc.rpm
File outdated by:  RHSA-2009:0355
    MD5: 22cdd0404e707829f647e7d66cdb266d
evolution-devel-2.0.2-35.0.4.el4.ppc.rpm
File outdated by:  RHSA-2009:0355
    MD5: 76a2ec120ead5cc1ae79d86e4848cc88
 
s390:
evolution-2.0.2-35.0.4.el4.s390.rpm
File outdated by:  RHSA-2009:0355
    MD5: faa92c8145cb6debf0cb65286359a529
evolution-devel-2.0.2-35.0.4.el4.s390.rpm
File outdated by:  RHSA-2009:0355
    MD5: ba5f8676b68efcb7ae83c0f2f526bfeb
 
s390x:
evolution-2.0.2-35.0.4.el4.s390x.rpm
File outdated by:  RHSA-2009:0355
    MD5: b6fc478c43ec85dd40d91049fb3dccc4
evolution-devel-2.0.2-35.0.4.el4.s390x.rpm
File outdated by:  RHSA-2009:0355
    MD5: 92edaaa7813e1f8005d1512ab450aeb1
 
x86_64:
evolution-2.0.2-35.0.4.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: a2187062d34995855fd99486d99f0b28
evolution-devel-2.0.2-35.0.4.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: ab39bc6fa338cbd11bcb825ca9f8fed1
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
evolution-2.0.2-35.0.4.el4.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 945a46e6e090e5bfb6584e17b515b7e2
 
IA-32:
evolution-2.0.2-35.0.4.el4.i386.rpm
File outdated by:  RHSA-2008:0517
    MD5: 1b930f927b393b2f992ae5ade62d3724
evolution-devel-2.0.2-35.0.4.el4.i386.rpm
File outdated by:  RHSA-2008:0517
    MD5: 5feb9fc9723d675f6660f2e25696bc99
 
IA-64:
evolution-2.0.2-35.0.4.el4.ia64.rpm
File outdated by:  RHSA-2008:0517
    MD5: c2bce752b834c8d701ae63ca35d254b1
evolution-devel-2.0.2-35.0.4.el4.ia64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 41fa9eb1473f227160d85673af9a4a7a
 
PPC:
evolution-2.0.2-35.0.4.el4.ppc.rpm
File outdated by:  RHSA-2008:0517
    MD5: 22cdd0404e707829f647e7d66cdb266d
evolution-devel-2.0.2-35.0.4.el4.ppc.rpm
File outdated by:  RHSA-2008:0517
    MD5: 76a2ec120ead5cc1ae79d86e4848cc88
 
s390:
evolution-2.0.2-35.0.4.el4.s390.rpm
File outdated by:  RHSA-2008:0517
    MD5: faa92c8145cb6debf0cb65286359a529
evolution-devel-2.0.2-35.0.4.el4.s390.rpm
File outdated by:  RHSA-2008:0517
    MD5: ba5f8676b68efcb7ae83c0f2f526bfeb
 
s390x:
evolution-2.0.2-35.0.4.el4.s390x.rpm
File outdated by:  RHSA-2008:0517
    MD5: b6fc478c43ec85dd40d91049fb3dccc4
evolution-devel-2.0.2-35.0.4.el4.s390x.rpm
File outdated by:  RHSA-2008:0517
    MD5: 92edaaa7813e1f8005d1512ab450aeb1
 
x86_64:
evolution-2.0.2-35.0.4.el4.x86_64.rpm
File outdated by:  RHSA-2008:0517
    MD5: a2187062d34995855fd99486d99f0b28
evolution-devel-2.0.2-35.0.4.el4.x86_64.rpm
File outdated by:  RHSA-2008:0517
    MD5: ab39bc6fa338cbd11bcb825ca9f8fed1
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
evolution-1.4.5-21.el3.src.rpm
File outdated by:  RHSA-2009:0358
    MD5: 133bd9d135d57401220e297b08592569
 
IA-32:
evolution-1.4.5-21.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 3240b18546211f6f7f90af564eabe6d3
evolution-devel-1.4.5-21.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 90c66dddee23c8629e4874ef83a0ab14
 
IA-64:
evolution-1.4.5-21.el3.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: c767af272bd2a224f9e9b79afbea5ad7
evolution-devel-1.4.5-21.el3.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 894c7c527477e52a71109aacd6639005
 
x86_64:
evolution-1.4.5-21.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 3a16c64f8ac5b98e58d86ac96cc5eca2
evolution-devel-1.4.5-21.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: e31aa94848a449ea7e60799674db7a66
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
evolution-2.0.2-35.0.4.el4.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 945a46e6e090e5bfb6584e17b515b7e2
 
IA-32:
evolution-2.0.2-35.0.4.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 1b930f927b393b2f992ae5ade62d3724
evolution-devel-2.0.2-35.0.4.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 5feb9fc9723d675f6660f2e25696bc99
 
IA-64:
evolution-2.0.2-35.0.4.el4.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: c2bce752b834c8d701ae63ca35d254b1
evolution-devel-2.0.2-35.0.4.el4.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 41fa9eb1473f227160d85673af9a4a7a
 
x86_64:
evolution-2.0.2-35.0.4.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: a2187062d34995855fd99486d99f0b28
evolution-devel-2.0.2-35.0.4.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: ab39bc6fa338cbd11bcb825ca9f8fed1
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
evolution-2.0.2-35.0.4.el4.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 945a46e6e090e5bfb6584e17b515b7e2
 
IA-32:
evolution-2.0.2-35.0.4.el4.i386.rpm
File outdated by:  RHSA-2008:0517
    MD5: 1b930f927b393b2f992ae5ade62d3724
evolution-devel-2.0.2-35.0.4.el4.i386.rpm
File outdated by:  RHSA-2008:0517
    MD5: 5feb9fc9723d675f6660f2e25696bc99
 
IA-64:
evolution-2.0.2-35.0.4.el4.ia64.rpm
File outdated by:  RHSA-2008:0517
    MD5: c2bce752b834c8d701ae63ca35d254b1
evolution-devel-2.0.2-35.0.4.el4.ia64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 41fa9eb1473f227160d85673af9a4a7a
 
x86_64:
evolution-2.0.2-35.0.4.el4.x86_64.rpm
File outdated by:  RHSA-2008:0517
    MD5: a2187062d34995855fd99486d99f0b28
evolution-devel-2.0.2-35.0.4.el4.x86_64.rpm
File outdated by:  RHSA-2008:0517
    MD5: ab39bc6fa338cbd11bcb825ca9f8fed1
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
evolution-1.4.5-21.el3.src.rpm
File outdated by:  RHSA-2009:0358
    MD5: 133bd9d135d57401220e297b08592569
 
IA-32:
evolution-1.4.5-21.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 3240b18546211f6f7f90af564eabe6d3
evolution-devel-1.4.5-21.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 90c66dddee23c8629e4874ef83a0ab14
 
IA-64:
evolution-1.4.5-21.el3.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: c767af272bd2a224f9e9b79afbea5ad7
evolution-devel-1.4.5-21.el3.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 894c7c527477e52a71109aacd6639005
 
x86_64:
evolution-1.4.5-21.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 3a16c64f8ac5b98e58d86ac96cc5eca2
evolution-devel-1.4.5-21.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: e31aa94848a449ea7e60799674db7a66
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
evolution-2.0.2-35.0.4.el4.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 945a46e6e090e5bfb6584e17b515b7e2
 
IA-32:
evolution-2.0.2-35.0.4.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 1b930f927b393b2f992ae5ade62d3724
evolution-devel-2.0.2-35.0.4.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 5feb9fc9723d675f6660f2e25696bc99
 
IA-64:
evolution-2.0.2-35.0.4.el4.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: c2bce752b834c8d701ae63ca35d254b1
evolution-devel-2.0.2-35.0.4.el4.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 41fa9eb1473f227160d85673af9a4a7a
 
x86_64:
evolution-2.0.2-35.0.4.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: a2187062d34995855fd99486d99f0b28
evolution-devel-2.0.2-35.0.4.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: ab39bc6fa338cbd11bcb825ca9f8fed1
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

244277 - CVE-2007-3257 evolution malicious server arbitrary code execution


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/