GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Jun 06, 2007 9:26 pm Post subject: [ GLSA 200706-02 ] Evolution: User-assisted execution of arb |
 |
|
Gentoo Linux Security Advisory
Title: Evolution: User-assisted execution of arbitrary code (GLSA 200706-02)
Severity: normal
Exploitable: remote
Date: June 06, 2007
Bug(s): #170879
ID: 200706-02
Synopsis
A vulnerability has been discovered in Evolution allowing for the execution
of arbitrary code.
Background
Evolution is the mail client of the GNOME desktop environment.
Affected Packages
Package: mail-client/evolution
Vulnerable: < 2.8.3-r2
Unaffected: >= 2.8.3-r2
Architectures: All supported architectures
Description
Ulf Harnhammar from Secunia Research has discovered a format string
error in the write_html() function in the file
calendar/gui/e-cal-component-memo-preview.c.
Impact
A remote attacker could entice a user to open a specially crafted
shared memo, possibly resulting in the execution of arbitrary code with
the privileges of the user running Evolution.
Workaround
There is no known workaround at this time.
Resolution
All Evolution users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/evolution-2.8.3-r2" |
References
CVE-2007-1002
Last edited by GLSA on Sun Oct 05, 2014 4:24 am; edited 5 times in total |
|
News & Announcements
