SCIENTIFIC-LINUX-ERRATA Archives

June 2008

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Fri, 6 Jun 2008 12:21:10 -0500

My apologies.
This was the first security errata that went out for evolution since its major
update from 2.8 to 2.12.  I didn't check the dependencies closely enough.  Here
are the dependencies that go along with this security update.

   i386:
evolution-connector-2.12.3-4.el5_2.1.i386.rpm
evolution-data-server-1.12.3-6.el5.i386.rpm
evolution-data-server-devel-1.12.3-6.el5.i386.rpm
evolution-data-server-doc-1.12.3-6.el5.i386.rpm
evolution-webcal-2.7.1-6.i386.rpm
gtkhtml3-3.16.3-1.el5.i386.rpm
gtkhtml3-devel-3.16.3-1.el5.i386.rpm
nspr-4.7.0.99.2-1.el5.i386.rpm
nspr-devel-4.7.0.99.2-1.el5.i386.rpm
nss-3.11.99.5-2.el5.i386.rpm
nss-devel-3.11.99.5-2.el5.i386.rpm
nss-pkcs11-devel-3.11.99.5-2.el5.i386.rpm
nss-tools-3.11.99.5-2.el5.i386.rpm
prelink-0.3.9-2.1.i386.rpm

   x86_64:
evolution-connector-2.12.3-4.el5.x86_64.rpm
evolution-data-server-1.12.3-6.el5.i386.rpm
evolution-data-server-1.12.3-6.el5.x86_64.rpm
evolution-data-server-devel-1.12.3-6.el5.i386.rpm
evolution-data-server-devel-1.12.3-6.el5.x86_64.rpm
evolution-data-server-doc-1.12.3-6.el5.x86_64.rpm
evolution-webcal-2.7.1-6.x86_64.rpm
gtkhtml3-3.16.3-1.el5.i386.rpm
gtkhtml3-3.16.3-1.el5.x86_64.rpm
gtkhtml3-devel-3.16.3-1.el5.i386.rpm
gtkhtml3-devel-3.16.3-1.el5.x86_64.rpm
nspr-4.7.0.99.2-1.el5.i386.rpm
nspr-4.7.0.99.2-1.el5.x86_64.rpm
nspr-devel-4.7.0.99.2-1.el5.i386.rpm
nspr-devel-4.7.0.99.2-1.el5.x86_64.rpm
nss-3.11.99.5-2.el5.i386.rpm
nss-3.11.99.5-2.el5.x86_64.rpm
nss-devel-3.11.99.5-2.el5.i386.rpm
nss-devel-3.11.99.5-2.el5.x86_64.rpm
nss-pkcs11-devel-3.11.99.5-2.el5.i386.rpm
nss-pkcs11-devel-3.11.99.5-2.el5.x86_64.rpm
nss-tools-3.11.99.5-2.el5.x86_64.rpm
prelink-0.3.9-2.1.x86_64.rpm

Troy Dawson

Troy Dawson wrote:
> Synopsis:       Important: evolution security update
> Issue date:     2008-06-04
> CVE Names:      CVE-2008-1108 CVE-2008-1109
> 
> A flaw was found in the way Evolution parsed iCalendar timezone attachment
> data. If the Itip Formatter plug-in was disabled and a user opened a mail
> with a carefully crafted iCalendar attachment, arbitrary code could be
> executed as the user running Evolution. (CVE-2008-1108)
> 
> Note: the Itip Formatter plug-in, which allows calendar information
> (attachments with a MIME type of "text/calendar") to be displayed as part
> of the e-mail message, is enabled by default.
> 
> A heap-based buffer overflow flaw was found in the way Evolution parsed
> iCalendar attachments with an overly long "DESCRIPTION" property string. If
> a user responded to a carefully crafted iCalendar attachment in a
> particular way, arbitrary code could be executed as the user running
> Evolution. (CVE-2008-1109).
> 
> SL 5.x
> 
>      SRPMS:
> evolution-2.12.3-8.el5_2.2.src.rpm
>      i386:
> evolution-2.12.3-8.el5_2.2.i386.rpm
> evolution-devel-2.12.3-8.el5_2.2.i386.rpm
> evolution-help-2.12.3-8.el5_2.2.i386.rpm
>      x86_64:
> evolution-2.12.3-8.el5_2.2.i386.rpm
> evolution-2.12.3-8.el5_2.2.x86_64.rpm
> evolution-devel-2.12.3-8.el5_2.2.i386.rpm
> evolution-devel-2.12.3-8.el5_2.2.x86_64.rpm
> evolution-help-2.12.3-8.el5_2.2.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 
> 


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
