Skip to navigation

Security Advisory Low: evolution security and bug fix update

Advisory: RHSA-2013:0516-2
Type: Security Advisory
Severity: Low
Issued on: 2013-02-21
Last updated on: 2013-02-21
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-3201

Details

Updated evolution packages that fix one security issue and three bugs are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Evolution is the GNOME mailer, calendar, contact manager and communication
tool. The components which make up Evolution are tightly integrated with
one another and act as a seamless personal information-management tool.

The way Evolution handled mailto URLs allowed any file to be attached to
the new message. This could lead to information disclosure if the user did
not notice the attached file before sending the message. With this update,
mailto URLs cannot be used to attach certain files, such as hidden files or
files in hidden directories, files in the /etc/ directory, or files
specified using a path containing "..". (CVE-2011-3201)

Red Hat would like to thank Matt McCutchen for reporting this issue.

This update also fixes the following bugs:

* Creating a contact list with contact names encoded in UTF-8 caused these
names to be displayed in the contact list editor in the ASCII encoding
instead of UTF-8. This bug has been fixed and the contact list editor now
displays the names in the correct format. (BZ#707526)

* Due to a bug in the evolution-alarm-notify process, calendar appointment
alarms did not appear in some types of calendars. The underlying source
code has been modified and calendar notifications work as expected.
(BZ#805239)

* An attempt to print a calendar month view as a PDF file caused Evolution
to terminate unexpectedly. This update applies a patch to fix this bug and
Evolution no longer crashes in this situation. (BZ#890642)

All evolution users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Evolution must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
evolution-2.28.3-30.el6.src.rpm
File outdated by:  RHSA-2013:1540
    MD5: 73afdcc52a238b897fe3ff7ded10c14f
SHA-256: 388f3a086214fa80798b97f4b1a09c2bb0045c8d5ed9fe604ef8427bfb52ee2d
 
IA-32:
evolution-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 20cd687e90b0a42ecae18f3031cd90a4
SHA-256: f296662880a280a11bd1ea61af1d1577f188f25b6e31cc9ff083d457e9fb3325
evolution-conduits-2.28.3-30.el6.i686.rpm     MD5: 441b57985fe0145ac0d006548b25ef99
SHA-256: d36154e8893a8837c02a3dc4d05c3fb5d262b0fd893109aa824d0cf9371a7251
evolution-debuginfo-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 462089849408a12d67f5ee58c390a988
SHA-256: 5e58b1ee70ecaa8f3d51f4768ae0a88b314fcacfa572253dced993d6cc674820
evolution-devel-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: c36940424b136bc711f4c89d49f17371
SHA-256: 75f2e478574d0b0a34a446794805a4b78e6343450b03c7d3b3c98bb0b9956c0b
evolution-help-2.28.3-30.el6.noarch.rpm
File outdated by:  RHSA-2013:1540
    MD5: e2a7d62a4fcf3774be9dc13f7e13e082
SHA-256: 1929518676a2d40a79efb7e4132cef65efff802c8649328cb06c31ea7d5e9c8b
evolution-perl-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 6afb3c05777853dd82845f27e8de9b45
SHA-256: 6ce15d7f1f755a630183078a5cf4d6c460613f1f56662580a52384e9a10a35c7
evolution-pst-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 37b94c2b33832c3176e540523ba3650c
SHA-256: 1aa022fac8299ed0bbd32a9859f473838a635e290c1a0801e6fbdd1bc55d95a9
evolution-spamassassin-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 420432b44978cb4ed2b96d53b17b767f
SHA-256: 3172b28319c44840a27d9287f0b905970816aa3dd4038b0898c60544e9c2981c
 
x86_64:
evolution-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 20cd687e90b0a42ecae18f3031cd90a4
SHA-256: f296662880a280a11bd1ea61af1d1577f188f25b6e31cc9ff083d457e9fb3325
evolution-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 57d43354630a96503aff3c9c957ae7b3
SHA-256: 4121b6840ff0ffab2d8fc819be3a941baabe4824e6670282ed6958e7fcdd14e7
evolution-conduits-2.28.3-30.el6.i686.rpm     MD5: 441b57985fe0145ac0d006548b25ef99
SHA-256: d36154e8893a8837c02a3dc4d05c3fb5d262b0fd893109aa824d0cf9371a7251
evolution-conduits-2.28.3-30.el6.x86_64.rpm     MD5: 6d582f7c41150efff460a86bb04b1b45
SHA-256: ff84b317f835aba81158fde43390b62a368cd99bcd1cce70259f130a1fb1274c
evolution-debuginfo-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 462089849408a12d67f5ee58c390a988
SHA-256: 5e58b1ee70ecaa8f3d51f4768ae0a88b314fcacfa572253dced993d6cc674820
evolution-debuginfo-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 12f1e255efa6a45e1f67052ff56be847
SHA-256: 3061da8738334f141f41ad7f76df081f7bb2d32801e75631e146e614407f236a
evolution-devel-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: c36940424b136bc711f4c89d49f17371
SHA-256: 75f2e478574d0b0a34a446794805a4b78e6343450b03c7d3b3c98bb0b9956c0b
evolution-devel-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 3988bac7343bee661c5d23c2ddb26c6f
SHA-256: 7418f755f3d27dec6c624345b6d1f4f60eab95dca2801feb734238b18d8f60a1
evolution-help-2.28.3-30.el6.noarch.rpm
File outdated by:  RHSA-2013:1540
    MD5: e2a7d62a4fcf3774be9dc13f7e13e082
SHA-256: 1929518676a2d40a79efb7e4132cef65efff802c8649328cb06c31ea7d5e9c8b
evolution-perl-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 6cebf369023dc297cb6378eb0fd03eb3
SHA-256: 4256c9c39272bd6e06277f90abc2c9a9ec11868291381a021f8a27c097d196a7
evolution-pst-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: c1cd6755dfd71af16572b67a481db9cf
SHA-256: 1f336a8cfeda53758c893c25272c058ee2428b695d371a566e6253653b4e5125
evolution-spamassassin-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 1f44596209e27a1bf49cbbb4c4fbcc23
SHA-256: 8135b0c436b5d9ca3d30685c09fec2eb34b004d60e214490a66d4329b75b8c0e
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
evolution-2.28.3-30.el6.src.rpm
File outdated by:  RHSA-2013:1540
    MD5: 73afdcc52a238b897fe3ff7ded10c14f
SHA-256: 388f3a086214fa80798b97f4b1a09c2bb0045c8d5ed9fe604ef8427bfb52ee2d
 
IA-32:
evolution-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 20cd687e90b0a42ecae18f3031cd90a4
SHA-256: f296662880a280a11bd1ea61af1d1577f188f25b6e31cc9ff083d457e9fb3325
evolution-conduits-2.28.3-30.el6.i686.rpm     MD5: 441b57985fe0145ac0d006548b25ef99
SHA-256: d36154e8893a8837c02a3dc4d05c3fb5d262b0fd893109aa824d0cf9371a7251
evolution-debuginfo-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 462089849408a12d67f5ee58c390a988
SHA-256: 5e58b1ee70ecaa8f3d51f4768ae0a88b314fcacfa572253dced993d6cc674820
evolution-devel-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: c36940424b136bc711f4c89d49f17371
SHA-256: 75f2e478574d0b0a34a446794805a4b78e6343450b03c7d3b3c98bb0b9956c0b
evolution-help-2.28.3-30.el6.noarch.rpm
File outdated by:  RHSA-2013:1540
    MD5: e2a7d62a4fcf3774be9dc13f7e13e082
SHA-256: 1929518676a2d40a79efb7e4132cef65efff802c8649328cb06c31ea7d5e9c8b
evolution-perl-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 6afb3c05777853dd82845f27e8de9b45
SHA-256: 6ce15d7f1f755a630183078a5cf4d6c460613f1f56662580a52384e9a10a35c7
evolution-pst-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 37b94c2b33832c3176e540523ba3650c
SHA-256: 1aa022fac8299ed0bbd32a9859f473838a635e290c1a0801e6fbdd1bc55d95a9
evolution-spamassassin-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 420432b44978cb4ed2b96d53b17b767f
SHA-256: 3172b28319c44840a27d9287f0b905970816aa3dd4038b0898c60544e9c2981c
 
PPC:
evolution-2.28.3-30.el6.ppc.rpm
File outdated by:  RHSA-2013:1540
    MD5: 4a258aa65a6c8063cce91b6ead9a442e
SHA-256: fdb6b3bdc99a92e5a3d582e99b348be45be3cb082412da167290e02984760170
evolution-2.28.3-30.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 6c9b88f2b3897ff591905def17127019
SHA-256: f5fd31e624bd7bbd200e3072e66f36a5da81b3da4764ada950276a7e685ff0ac
evolution-conduits-2.28.3-30.el6.ppc.rpm     MD5: dd52deb564a0aea9f5f0b6b5ad87a5ef
SHA-256: b31bbcb6c05063d4c727d3fa86b8e0c8b6f7731ae3d47977cbda81ce23fb476b
evolution-conduits-2.28.3-30.el6.ppc64.rpm     MD5: edbdd371c9a6aabe2d3846ab894b6b1d
SHA-256: b2a9bed039a86672decac16e2b11580a7d48830eb07b831b5af18546b483d694
evolution-debuginfo-2.28.3-30.el6.ppc.rpm
File outdated by:  RHSA-2013:1540
    MD5: 7b11ccf6c391de571a0f2fea6503330f
SHA-256: 1f84a8333c1d939b08d7b2991a285def5cad1f085d0317e0dbd3e4c69e0eaabb
evolution-debuginfo-2.28.3-30.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 1e6db1a843a8bebaa3f0c30a716fa4ae
SHA-256: 59c9b14727dd72fc4ff7529e1f6eb328b50c7575ea3bcfb6f9d85e69781f2b0a
evolution-devel-2.28.3-30.el6.ppc.rpm
File outdated by:  RHSA-2013:1540
    MD5: b9e6929647e4c8f6ea43e1425191423f
SHA-256: 9671bb719c682596e6dc4b05de43760e054cf183f2aafdb573d8ce522284ba46
evolution-devel-2.28.3-30.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 1d93a022286a409ae635c02eff361977
SHA-256: c6e92ff47fff763f8cb3e03c35b00af9121578308f80459bdeba4a5f045485b8
evolution-help-2.28.3-30.el6.noarch.rpm
File outdated by:  RHSA-2013:1540
    MD5: e2a7d62a4fcf3774be9dc13f7e13e082
SHA-256: 1929518676a2d40a79efb7e4132cef65efff802c8649328cb06c31ea7d5e9c8b
evolution-perl-2.28.3-30.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 67ab09b5e4cad036300eedc17c5ed4a1
SHA-256: 2b4ee480ff040a7502ee81193729c8aa4db7287eab841417a778f85aa7941c7e
evolution-pst-2.28.3-30.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 90d3e0df45d086040793f5b2d9cb2e65
SHA-256: fcf36d529126b47b36d7c981b3bd4ef81218f04d5efcbcd147ef6a0c74ce0ee1
evolution-spamassassin-2.28.3-30.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: ce5f469c6dcf548fc2ac4254e5c93a7f
SHA-256: 5e0e5b4509162ad69657b2690c90a9492c13e035eda551bacc6f71bd9a538973
 
x86_64:
evolution-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 20cd687e90b0a42ecae18f3031cd90a4
SHA-256: f296662880a280a11bd1ea61af1d1577f188f25b6e31cc9ff083d457e9fb3325
evolution-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 57d43354630a96503aff3c9c957ae7b3
SHA-256: 4121b6840ff0ffab2d8fc819be3a941baabe4824e6670282ed6958e7fcdd14e7
evolution-conduits-2.28.3-30.el6.i686.rpm     MD5: 441b57985fe0145ac0d006548b25ef99
SHA-256: d36154e8893a8837c02a3dc4d05c3fb5d262b0fd893109aa824d0cf9371a7251
evolution-conduits-2.28.3-30.el6.x86_64.rpm     MD5: 6d582f7c41150efff460a86bb04b1b45
SHA-256: ff84b317f835aba81158fde43390b62a368cd99bcd1cce70259f130a1fb1274c
evolution-debuginfo-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 462089849408a12d67f5ee58c390a988
SHA-256: 5e58b1ee70ecaa8f3d51f4768ae0a88b314fcacfa572253dced993d6cc674820
evolution-debuginfo-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 12f1e255efa6a45e1f67052ff56be847
SHA-256: 3061da8738334f141f41ad7f76df081f7bb2d32801e75631e146e614407f236a
evolution-devel-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: c36940424b136bc711f4c89d49f17371
SHA-256: 75f2e478574d0b0a34a446794805a4b78e6343450b03c7d3b3c98bb0b9956c0b
evolution-devel-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 3988bac7343bee661c5d23c2ddb26c6f
SHA-256: 7418f755f3d27dec6c624345b6d1f4f60eab95dca2801feb734238b18d8f60a1
evolution-help-2.28.3-30.el6.noarch.rpm
File outdated by:  RHSA-2013:1540
    MD5: e2a7d62a4fcf3774be9dc13f7e13e082
SHA-256: 1929518676a2d40a79efb7e4132cef65efff802c8649328cb06c31ea7d5e9c8b
evolution-perl-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 6cebf369023dc297cb6378eb0fd03eb3
SHA-256: 4256c9c39272bd6e06277f90abc2c9a9ec11868291381a021f8a27c097d196a7
evolution-pst-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: c1cd6755dfd71af16572b67a481db9cf
SHA-256: 1f336a8cfeda53758c893c25272c058ee2428b695d371a566e6253653b4e5125
evolution-spamassassin-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 1f44596209e27a1bf49cbbb4c4fbcc23
SHA-256: 8135b0c436b5d9ca3d30685c09fec2eb34b004d60e214490a66d4329b75b8c0e
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
evolution-2.28.3-30.el6.src.rpm
File outdated by:  RHSA-2013:1540
    MD5: 73afdcc52a238b897fe3ff7ded10c14f
SHA-256: 388f3a086214fa80798b97f4b1a09c2bb0045c8d5ed9fe604ef8427bfb52ee2d
 
IA-32:
evolution-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 20cd687e90b0a42ecae18f3031cd90a4
SHA-256: f296662880a280a11bd1ea61af1d1577f188f25b6e31cc9ff083d457e9fb3325
evolution-conduits-2.28.3-30.el6.i686.rpm     MD5: 441b57985fe0145ac0d006548b25ef99
SHA-256: d36154e8893a8837c02a3dc4d05c3fb5d262b0fd893109aa824d0cf9371a7251
evolution-debuginfo-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 462089849408a12d67f5ee58c390a988
SHA-256: 5e58b1ee70ecaa8f3d51f4768ae0a88b314fcacfa572253dced993d6cc674820
evolution-devel-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: c36940424b136bc711f4c89d49f17371
SHA-256: 75f2e478574d0b0a34a446794805a4b78e6343450b03c7d3b3c98bb0b9956c0b
evolution-help-2.28.3-30.el6.noarch.rpm
File outdated by:  RHSA-2013:1540
    MD5: e2a7d62a4fcf3774be9dc13f7e13e082
SHA-256: 1929518676a2d40a79efb7e4132cef65efff802c8649328cb06c31ea7d5e9c8b
evolution-perl-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 6afb3c05777853dd82845f27e8de9b45
SHA-256: 6ce15d7f1f755a630183078a5cf4d6c460613f1f56662580a52384e9a10a35c7
evolution-pst-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 37b94c2b33832c3176e540523ba3650c
SHA-256: 1aa022fac8299ed0bbd32a9859f473838a635e290c1a0801e6fbdd1bc55d95a9
evolution-spamassassin-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 420432b44978cb4ed2b96d53b17b767f
SHA-256: 3172b28319c44840a27d9287f0b905970816aa3dd4038b0898c60544e9c2981c
 
x86_64:
evolution-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 20cd687e90b0a42ecae18f3031cd90a4
SHA-256: f296662880a280a11bd1ea61af1d1577f188f25b6e31cc9ff083d457e9fb3325
evolution-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 57d43354630a96503aff3c9c957ae7b3
SHA-256: 4121b6840ff0ffab2d8fc819be3a941baabe4824e6670282ed6958e7fcdd14e7
evolution-conduits-2.28.3-30.el6.i686.rpm     MD5: 441b57985fe0145ac0d006548b25ef99
SHA-256: d36154e8893a8837c02a3dc4d05c3fb5d262b0fd893109aa824d0cf9371a7251
evolution-conduits-2.28.3-30.el6.x86_64.rpm     MD5: 6d582f7c41150efff460a86bb04b1b45
SHA-256: ff84b317f835aba81158fde43390b62a368cd99bcd1cce70259f130a1fb1274c
evolution-debuginfo-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 462089849408a12d67f5ee58c390a988
SHA-256: 5e58b1ee70ecaa8f3d51f4768ae0a88b314fcacfa572253dced993d6cc674820
evolution-debuginfo-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 12f1e255efa6a45e1f67052ff56be847
SHA-256: 3061da8738334f141f41ad7f76df081f7bb2d32801e75631e146e614407f236a
evolution-devel-2.28.3-30.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: c36940424b136bc711f4c89d49f17371
SHA-256: 75f2e478574d0b0a34a446794805a4b78e6343450b03c7d3b3c98bb0b9956c0b
evolution-devel-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 3988bac7343bee661c5d23c2ddb26c6f
SHA-256: 7418f755f3d27dec6c624345b6d1f4f60eab95dca2801feb734238b18d8f60a1
evolution-help-2.28.3-30.el6.noarch.rpm
File outdated by:  RHSA-2013:1540
    MD5: e2a7d62a4fcf3774be9dc13f7e13e082
SHA-256: 1929518676a2d40a79efb7e4132cef65efff802c8649328cb06c31ea7d5e9c8b
evolution-perl-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 6cebf369023dc297cb6378eb0fd03eb3
SHA-256: 4256c9c39272bd6e06277f90abc2c9a9ec11868291381a021f8a27c097d196a7
evolution-pst-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: c1cd6755dfd71af16572b67a481db9cf
SHA-256: 1f336a8cfeda53758c893c25272c058ee2428b695d371a566e6253653b4e5125
evolution-spamassassin-2.28.3-30.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 1f44596209e27a1bf49cbbb4c4fbcc23
SHA-256: 8135b0c436b5d9ca3d30685c09fec2eb34b004d60e214490a66d4329b75b8c0e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

733504 - CVE-2011-3201 evolution: mailto URL scheme attachment header improper input validation
805239 - Alarms don't work for CalDAV
890642 - Evolution has implicit declarations (unknown functions)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/