RedHat: Important: Evolution security update

    Date: 29 Aug 2005
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    Updated evolution packages that fix a format string issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.
    ---------------------------------------------------------------------
                       Red Hat Security Advisory
    
    Synopsis:          Important: Evolution security update
    Advisory ID:       RHSA-2005:267-01
    Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-267.html
    Issue date:        2005-08-29
    Updated on:        2005-08-29
    Product:           Red Hat Enterprise Linux
    CVE Names:         CAN-2005-2549 CAN-2005-2550
    ---------------------------------------------------------------------
    
    1. Summary:
    
    Updated evolution packages that fix a format string issue are now available.
    
    This update has been rated as having important security impact by the Red
    Hat Security Response Team.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
    Red Hat Desktop version 3 - i386, x86_64
    Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
    Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
    Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
    Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
    Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
    Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
    
    3. Problem description:
    
    Evolution is the GNOME collection of personal information management (PIM)
    tools.
    
    A format string bug was found in Evolution.  If a user tries to save a
    carefully crafted meeting or appointment, arbitrary code may be executed as
    the user running Evolution. The Common Vulnerabilities and Exposures
    project has assigned the name CAN-2005-2550 to this issue.
    
    Additionally, several other format string bugs were found in Evolution. If
    a user views a malicious vCard, connects to a malicious LDAP server, or
    displays a task list from a malicious remote server, arbitrary code may be
    executed as the user running Evolution. The Common Vulnerabilities and
    Exposures project has assigned the name CAN-2005-2549 to this issue. Please
    note that this issue only affects Red Hat Enterprise Linux 4.
    
    All users of Evolution should upgrade to these updated packages, which
    contain a backported patch which resolves this issue.
    
    4. Solution:
    
    Before applying this update, make sure that all previously-released
    errata relevant to your system have been applied.  Use Red Hat
    Network to download and update your packages.  To launch the Red Hat
    Update Agent, use the following command:
    
        up2date
    
    For information on how to install packages manually, refer to the
    following Web page for the System Administration or Customization
    guide specific to your system:
    
        http://www.redhat.com/docs/manuals/enterprise/
    
    5. Bug IDs fixed (http://bugzilla.redhat.com/):
    
    165235 - CAN-2005-2549 Sitic Vulnerability Advisory: SA05-001 Evolution multiple remote format string bugs (RHEL4) (CAN-2005-2550)
    165236 - CAN-2005-2550 Sitic Vulnerability Advisory: SA05-001 Evolution multiple remote format string bugs (RHEL3)
    
    
    6. RPMs required:
    
    Red Hat Enterprise Linux AS version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/evolution-1.4.5-16.src.rpm
    
    Red Hat Desktop version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/evolution-1.4.5-16.src.rpm
    
    Red Hat Enterprise Linux ES version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/evolution-1.4.5-16.src.rpm
    
    Red Hat Enterprise Linux WS version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/evolution-1.4.5-16.src.rpm
    
    Red Hat Enterprise Linux AS version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/evolution-2.0.2-16.3.src.rpm
    
    Red Hat Enterprise Linux Desktop version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/evolution-2.0.2-16.3.src.rpm
    
    Red Hat Enterprise Linux ES version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/evolution-2.0.2-16.3.src.rpm
    
    Red Hat Enterprise Linux WS version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/evolution-2.0.2-16.3.src.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and 
    details on how to verify the signature are available from
    https://www.redhat.com/security/team/key/#package
    
    7. References:
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2549
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2550
    
    8. Contact:
    
    The Red Hat security contact is .  More contact
    details at https://www.redhat.com/security/team/contact/
    
    Copyright 2005 Red Hat, Inc.
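
Added example, not part of the Red Hat advisory and not Evolution's source or the backported patch: a generic C illustration of the format string bug class described in section 3, with the hardened form beside it. The function names and the sample vCard display-name value are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a display-name field as it could arrive in an
 * untrusted vCard. It is data, but it contains printf conversions. */
static const char SAMPLE_FN[] = "Alice %x%x%n Example";

#ifdef SHOW_VULNERABLE_PATTERN
/* Bug class from section 3 (not compiled by default): untrusted text is
 * passed as the format itself, so "%x" reads arguments that were never
 * supplied and "%n" stores through one of them. */
int show_name_vulnerable(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, untrusted);
}
#endif

/* Hardened form: the format is a constant and the untrusted text is
 * only ever an argument, so it is copied byte for byte. */
int show_name_safe(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, "%s", untrusted);
}

/* Audit helper: count printf conversions in a field that should be plain
 * text. "%%" is a literal percent sign; a lone trailing '%' counts. */
size_t count_conversions(const char *s)
{
    size_t hits = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {
            s++;
            continue;
        }
        hits++;
    }
    return hits;
}

int main(void)
{
    char buf[64];
    show_name_safe(buf, sizeof buf, SAMPLE_FN);
    printf("rendered: %s\n", buf);
    printf("conversions in field: %zu\n", count_conversions(SAMPLE_FN));
    return 0;
}
```

Building with GCC's `-Wformat -Wformat-security` reports the non-literal format in the vulnerable pattern at compile time.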
    