MDKSA-2005:141

Package name

evolution

Date

2005-08-17

Advisory ID

MDKSA-2005:141

Affected versions

10.2 x86_64 , 10.2 i586 , 10.1 i586 , CS3.0 x86_64 , CS3.0 i586 , 10.1 x86_64

Problem description

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. (CAN-2005-2549) A format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. (CAN-2005-2550)

Updated packages

10.2 x86_64

 a6072f366802d6e983312850d3048579  x86_64/10.2/RPMS/evolution-2.0.4-3.1.102mdk.x86_64.rpm
90fb55af1fc3a40cac030a63156b2a31  x86_64/10.2/RPMS/evolution-devel-2.0.4-3.1.102mdk.x86_64.rpm
a07bade72ae8bc6c82d46680937f0bf5  x86_64/10.2/RPMS/evolution-pilot-2.0.4-3.1.102mdk.x86_64.rpm
b306dba4c9525c4be261903f5bca83e0  x86_64/10.2/SRPMS/evolution-2.0.4-3.1.102mdk.src.rpm

10.2 i586

 5a37a9c724ff1d5eae934f6f45aaf607  10.2/RPMS/evolution-2.0.4-3.1.102mdk.i586.rpm
a6822e000c563fb6c025b3aa5cf24a76  10.2/RPMS/evolution-devel-2.0.4-3.1.102mdk.i586.rpm
9476496c8d82bb59be375b93315fd1be  10.2/RPMS/evolution-pilot-2.0.4-3.1.102mdk.i586.rpm
b306dba4c9525c4be261903f5bca83e0  10.2/SRPMS/evolution-2.0.4-3.1.102mdk.src.rpm

10.1 i586

 c86139b16f34105eb0fb2bfb3ecc4bdf  10.1/RPMS/evolution-2.0.3-1.4.101mdk.i586.rpm
3f7164577e567be0f7ee93ed12d3de13  10.1/RPMS/evolution-devel-2.0.3-1.4.101mdk.i586.rpm
7005876e3443b028a65258b25b1eeadf  10.1/RPMS/evolution-pilot-2.0.3-1.4.101mdk.i586.rpm
29601b950c1fb806f48275da174a0721  10.1/SRPMS/evolution-2.0.3-1.4.101mdk.src.rpm

CS3.0 x86_64

 cd590782c6bba4a33fb55ed231ec940b  x86_64/corporate/3.0/RPMS/evolution-1.4.6-5.2.C30mdk.x86_64.rpm
197aca690c2e893732ed72d6298a46b0  x86_64/corporate/3.0/RPMS/evolution-devel-1.4.6-5.2.C30mdk.x86_64.rpm
4c734a5c04be55664fb086fa6a56a5d2  x86_64/corporate/3.0/RPMS/evolution-pilot-1.4.6-5.2.C30mdk.x86_64.rpm
736e517b243c4a3b9d57970b7e6a2e71  x86_64/corporate/3.0/SRPMS/evolution-1.4.6-5.2.C30mdk.src.rpm

CS3.0 i586

 b4fe8df7fe51f54129606ed4e81a2a33  corporate/3.0/RPMS/evolution-1.4.6-5.2.C30mdk.i586.rpm
b1596ec712f2f3bde7b0e7c4a9e1409f  corporate/3.0/RPMS/evolution-devel-1.4.6-5.2.C30mdk.i586.rpm
60068cc6987dccb19f6586cbd5e74949  corporate/3.0/RPMS/evolution-pilot-1.4.6-5.2.C30mdk.i586.rpm
736e517b243c4a3b9d57970b7e6a2e71  corporate/3.0/SRPMS/evolution-1.4.6-5.2.C30mdk.src.rpm

10.1 x86_64

 7fbb271d2c863d2ae1623c434157bed2  x86_64/10.1/RPMS/evolution-2.0.3-1.4.101mdk.x86_64.rpm
99d8f4c56967e45c2d5e6a8ed11c5f0c  x86_64/10.1/RPMS/evolution-devel-2.0.3-1.4.101mdk.x86_64.rpm
52bfc378433fe224a0aa8ac4784a5ab1  x86_64/10.1/RPMS/evolution-pilot-2.0.3-1.4.101mdk.x86_64.rpm
29601b950c1fb806f48275da174a0721  x86_64/10.1/SRPMS/evolution-2.0.3-1.4.101mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2549
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2550