GLSA
Veteran
Joined: 12 May 2004
Posts: 1303
|
 Posted: Wed Jun 06, 2007 9:26 pm Post subject: [ GLSA 200706-02 ] Evolution: User-assisted execution of arb |
 |
|
Gentoo Linux Security Advisory
Title: Evolution: User-assisted execution of arbitrary code (GLSA 200706-02)
Severity: normal
Exploitable: remote
Date: June 06, 2007
Bug(s): #170879
ID: 200706-02
Synopsis
A vulnerability has been discovered in Evolution allowing for the execution of arbitrary code.
Background
Evolution is the mail client of the GNOME desktop environment.
Affected Packages
Package: mail-client/evolution
Vulnerable: < 2.8.3-r2
Unaffected: >= 2.8.3-r2
Architectures: All supported architectures
Description
Ulf Harnhammar from Secunia Research has discovered a format string error in the write_html() function in the file calendar/gui/e-cal-component-memo-preview.c.
Impact
A remote attacker could entice a user to open a specially crafted shared memo, possibly resulting in the execution of arbitrary code with the privileges of the user running Evolution.
Workaround
There is no known workaround at this time.
Resolution
All Evolution users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/evolution-2.8.3-r2" |
References
CVE-2007-1002
Last edited by GLSA on Fri Jun 08, 2007 4:18 am; edited 1 time in total |
|
News & Announcements
