Ubuntu: Evolution vulnerability

    Date: 26 Mar 2007
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    Ulf Harnhammar of Secunia Research discovered that Evolution did not correctly handle format strings when displaying shared memos. If a remote attacker tricked a user into viewing a specially crafted shared memo, they could execute arbitrary code with user privileges.
    =========================================================== 
    Ubuntu Security Notice USN-442-1             March 26, 2007
    evolution vulnerability
    CVE-2007-1002
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 6.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      evolution                                2.6.1-0ubuntu7.1
    
    Ubuntu 6.10:
      evolution                                2.8.1-0ubuntu4.1
    
    After a standard system upgrade you need to restart Evolution or reboot 
    your computer to effect the necessary changes.
    
    Details follow:
    
    Ulf Harnhammar of Secunia Research discovered that Evolution did not 
    correctly handle format strings when displaying shared memos.  If a 
    remote attacker tricked a user into viewing a specially crafted shared 
    memo, they could execute arbitrary code with user privileges.
    
    
    
    