|
|
| Problem Description |
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1
allow remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via (1) full vCard data, (2) contact data from
remote LDAP servers, or (3) task list data from remote servers.
(CAN-2005-2549)
A format string vulnerability in Evolution 1.4 through 2.3.6.1 allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via the calendar entries such as task lists,
which are not properly handled when the user selects the Calendars tab.
(CAN-2005-2550)
| Updated Packages |
Mandrakelinux 10.1
c86139b16f34105eb0fb2bfb3ecc4bdf 10.1/RPMS/evolution-2.0.3-1.4.101mdk.i586.rpm 3f7164577e567be0f7ee93ed12d3de13 10.1/RPMS/evolution-devel-2.0.3-1.4.101mdk.i586.rpm 7005876e3443b028a65258b25b1eeadf 10.1/RPMS/evolution-pilot-2.0.3-1.4.101mdk.i586.rpm 29601b950c1fb806f48275da174a0721 10.1/SRPMS/evolution-2.0.3-1.4.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
7fbb271d2c863d2ae1623c434157bed2 x86_64/10.1/RPMS/evolution-2.0.3-1.4.101mdk.x86_64.rpm 99d8f4c56967e45c2d5e6a8ed11c5f0c x86_64/10.1/RPMS/evolution-devel-2.0.3-1.4.101mdk.x86_64.rpm 52bfc378433fe224a0aa8ac4784a5ab1 x86_64/10.1/RPMS/evolution-pilot-2.0.3-1.4.101mdk.x86_64.rpm 29601b950c1fb806f48275da174a0721 x86_64/10.1/SRPMS/evolution-2.0.3-1.4.101mdk.src.rpm
Corporate Server 3.0
b4fe8df7fe51f54129606ed4e81a2a33 corporate/3.0/RPMS/evolution-1.4.6-5.2.C30mdk.i586.rpm b1596ec712f2f3bde7b0e7c4a9e1409f corporate/3.0/RPMS/evolution-devel-1.4.6-5.2.C30mdk.i586.rpm 60068cc6987dccb19f6586cbd5e74949 corporate/3.0/RPMS/evolution-pilot-1.4.6-5.2.C30mdk.i586.rpm 736e517b243c4a3b9d57970b7e6a2e71 corporate/3.0/SRPMS/evolution-1.4.6-5.2.C30mdk.src.rpm
Corporate Server 3.0/X86_64
cd590782c6bba4a33fb55ed231ec940b x86_64/corporate/3.0/RPMS/evolution-1.4.6-5.2.C30mdk.x86_64.rpm 197aca690c2e893732ed72d6298a46b0 x86_64/corporate/3.0/RPMS/evolution-devel-1.4.6-5.2.C30mdk.x86_64.rpm 4c734a5c04be55664fb086fa6a56a5d2 x86_64/corporate/3.0/RPMS/evolution-pilot-1.4.6-5.2.C30mdk.x86_64.rpm 736e517b243c4a3b9d57970b7e6a2e71 x86_64/corporate/3.0/SRPMS/evolution-1.4.6-5.2.C30mdk.src.rpm
Mandriva Linux LE2005
5a37a9c724ff1d5eae934f6f45aaf607 10.2/RPMS/evolution-2.0.4-3.1.102mdk.i586.rpm a6822e000c563fb6c025b3aa5cf24a76 10.2/RPMS/evolution-devel-2.0.4-3.1.102mdk.i586.rpm 9476496c8d82bb59be375b93315fd1be 10.2/RPMS/evolution-pilot-2.0.4-3.1.102mdk.i586.rpm b306dba4c9525c4be261903f5bca83e0 10.2/SRPMS/evolution-2.0.4-3.1.102mdk.src.rpm
Mandriva Linux LE2005/X86_64
a6072f366802d6e983312850d3048579 x86_64/10.2/RPMS/evolution-2.0.4-3.1.102mdk.x86_64.rpm 90fb55af1fc3a40cac030a63156b2a31 x86_64/10.2/RPMS/evolution-devel-2.0.4-3.1.102mdk.x86_64.rpm a07bade72ae8bc6c82d46680937f0bf5 x86_64/10.2/RPMS/evolution-pilot-2.0.4-3.1.102mdk.x86_64.rpm b306dba4c9525c4be261903f5bca83e0 x86_64/10.2/SRPMS/evolution-2.0.4-3.1.102mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2550
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.