Security Advisory Critical: evolution security update

Advisory: RHSA-2008:0178-4
Type: Security Advisory
Severity: Critical
Issued on: 2008-03-05
Last updated on: 2008-03-05
Affected Products: Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux ES (v. 4.5.z)
CVEs (cve.mitre.org): CVE-2008-0072

Details

Updated evolution packages that fix a format string bug are now available
for Red Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Evolution is the GNOME collection of personal information management (PIM)
tools.

A format string flaw was found in the way Evolution displayed encrypted
mail content. If a user opened a carefully crafted mail message, arbitrary
code could be executed as the user running Evolution. (CVE-2008-0072)

All users of Evolution should upgrade to these updated packages, which
contain a backported patch that resolves this issue.

Red Hat would like to thank Ulf Härnhammar of Secunia Research for finding
and reporting this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
evolution-2.0.2-35.0.4.el4_5.1.src.rpm
File outdated by:  RHSA-2008:0517
    MD5: d3d4ce5f48d4fd71800cf70d045352d5
 
IA-32:
evolution-2.0.2-35.0.4.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0517
    MD5: 84fdc7067c06b8d92d8a2c826834868c
evolution-devel-2.0.2-35.0.4.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0517
    MD5: 7d3e3f9e77415427831e92f0c573eefb
 
IA-64:
evolution-2.0.2-35.0.4.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 926219940f26c1ff311e4309fc359efc
evolution-devel-2.0.2-35.0.4.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 2143fe2e9cc54830cf9d3cb43f8bcd7a
 
PPC:
evolution-2.0.2-35.0.4.el4_5.1.ppc.rpm
File outdated by:  RHSA-2008:0517
    MD5: 3679b93b8c21e7b54c0284ff0c0fde74
evolution-devel-2.0.2-35.0.4.el4_5.1.ppc.rpm
File outdated by:  RHSA-2008:0517
    MD5: e2254570efd5e11fe9ec0fc1ad963628
 
s390:
evolution-2.0.2-35.0.4.el4_5.1.s390.rpm
File outdated by:  RHSA-2008:0517
    MD5: 5ffba1ae96449d59b576761574aae6f3
evolution-devel-2.0.2-35.0.4.el4_5.1.s390.rpm
File outdated by:  RHSA-2008:0517
    MD5: aafbf5820703ca2bfef68feb34f1c29f
 
s390x:
evolution-2.0.2-35.0.4.el4_5.1.s390x.rpm
File outdated by:  RHSA-2008:0517
    MD5: c79823f4d80a32f60486729ed0a30926
evolution-devel-2.0.2-35.0.4.el4_5.1.s390x.rpm
File outdated by:  RHSA-2008:0517
    MD5: 9ddc044a8c6fa15a2b9d6fb680000ff0
 
x86_64:
evolution-2.0.2-35.0.4.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 34d98cdde93627dcfd31488052c96ca4
evolution-devel-2.0.2-35.0.4.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0517
    MD5: dcb263c55d64a0c9a2792251dd17787c
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
evolution-2.0.2-35.0.4.el4_5.1.src.rpm
File outdated by:  RHSA-2008:0517
    MD5: d3d4ce5f48d4fd71800cf70d045352d5
 
IA-32:
evolution-2.0.2-35.0.4.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0517
    MD5: 84fdc7067c06b8d92d8a2c826834868c
evolution-devel-2.0.2-35.0.4.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0517
    MD5: 7d3e3f9e77415427831e92f0c573eefb
 
IA-64:
evolution-2.0.2-35.0.4.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 926219940f26c1ff311e4309fc359efc
evolution-devel-2.0.2-35.0.4.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 2143fe2e9cc54830cf9d3cb43f8bcd7a
 
x86_64:
evolution-2.0.2-35.0.4.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 34d98cdde93627dcfd31488052c96ca4
evolution-devel-2.0.2-35.0.4.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0517
    MD5: dcb263c55d64a0c9a2792251dd17787c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

435759 - CVE-2008-0072 Evolution format string flaw



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/