SCIENTIFIC-LINUX-ERRATA Archives

March 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Troy Dawson
Reply To: Troy Dawson
Date: Tue, 17 Mar 2009 15:07:24 -0500

Synopsis:	Moderate: evolution security update
Issue date:	2009-03-16
CVE Names:	CVE-2009-0582 CVE-2009-0587

It was discovered that evolution did not properly validate NTLM (NT LAN
Manager) authentication challenge packets. A malicious server using NTLM
authentication could cause evolution to disclose portions of its memory 
or crash during user authentication. (CVE-2009-0582)

An integer overflow flaw that could cause a heap-based buffer overflow
was found in the Base64 encoding routine used by evolution. This could
cause evolution to crash or, possibly, execute arbitrary code when
large untrusted data blocks were Base64-encoded. (CVE-2009-0587)

All running instances of evolution must be restarted for the update to 
take effect.

SL 3.0.x

      SRPMS:
evolution-1.4.5-25.el3.src.rpm
      i386:
evolution-1.4.5-25.el3.i386.rpm
evolution-devel-1.4.5-25.el3.i386.rpm
      x86_64:
evolution-1.4.5-25.el3.x86_64.rpm
evolution-devel-1.4.5-25.el3.x86_64.rpm

-Connie Sieh
-Troy Dawson
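
The class of flaw described for CVE-2009-0587, as an added example that is not evolution's code and not part of the original advisory: a Base64 output-size computation that wraps in 32-bit arithmetic, next to an overflow-checked version and an encoder that uses it. All function names are hypothetical and the inputs are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative only; hypothetical names, not evolution's source.
 * Unchecked sizing in 32-bit arithmetic: wraps for large inputs. */
static uint32_t b64_len_unchecked32(uint32_t in_len)
{
    uint32_t groups = (uint32_t)(in_len + 2) / 3; /* in_len + 2 can wrap */
    return (uint32_t)(groups * 4) + 1;            /* groups * 4 can wrap */
}

/* Checked sizing: fails instead of returning a wrapped value. */
static bool b64_len_checked(size_t in_len, size_t *out_len)
{
    size_t groups = in_len / 3 + (in_len % 3 != 0); /* cannot overflow */
    if (groups > (SIZE_MAX - 1) / 4) return false;
    *out_len = groups * 4 + 1; /* encoded bytes plus terminating NUL */
    return true;
}

static const char B64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* Returns a malloc'd NUL-terminated encoding, or NULL on overflow/OOM. */
static char *b64_encode(const unsigned char *in, size_t in_len)
{
    size_t out_len, i, o = 0;
    char *out;
    if (!b64_len_checked(in_len, &out_len) || !(out = malloc(out_len)))
        return NULL;
    for (i = 0; i < in_len; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < in_len) v |= (uint32_t)in[i + 1] << 8;
        if (i + 2 < in_len) v |= in[i + 2];
        out[o++] = B64[v >> 18];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < in_len) ? B64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < in_len) ? B64[v & 63] : '=';
    }
    out[o] = '\0';
    return out;
}

int main(void)
{
    char *s = b64_encode((const unsigned char *)"Ma", 2); /* constructed input */
    printf("%s %u\n", s ? s : "(null)", (unsigned)b64_len_unchecked32(0xC0000000u));
    free(s);
    return 0;
}
```

The unchecked computation reports a 1-byte buffer for a 3 GiB input, which is how an undersized heap allocation arises; the checked version rejects any length whose encoded size cannot be represented.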
