[Security Announce] [ MDKSA-2007:070 ] - Updated evolution packages to address vulnerability

Posted by Bob on: 03/27/2007 04:35 PM [ Print | 0 comment(s) ]

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:070
http://www.mandriva.com/security/
_______________________________________________________________________

Package : evolution
Date : March 27, 2007
Affected: 2007.0
_______________________________________________________________________

Problem Description:

A format string error in the "write_html()" function in calendar/gui/
e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially
crafted shared memo containing format specifiers.

Updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1002
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
ffbaf535dcc8aad7e4d99e9e238d1ed0 2007.0/i586/evolution-2.8.0-1.1mdv2007.0.i586.rpm
b475a91bffa1bbfef44d5928ad98f76f 2007.0/i586/evolution-devel-2.8.0-1.1mdv2007.0.i586.rpm
1c3f8129b6ff5336b7ef7cc8e47034a8 2007.0/i586/evolution-mono-2.8.0-1.1mdv2007.0.i586.rpm
b34eb079ba555c29d9be2807d729b4f3 2007.0/i586/evolution-pilot-2.8.0-1.1mdv2007.0.i586.rpm
4012d73f8f6c7fc1ddb5eb326cad2c7a 2007.0/SRPMS/evolution-2.8.0-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
9803e86f2add5fc6fa81e35d44cf0696 2007.0/x86_64/evolution-2.8.0-1.1mdv2007.0.x86_64.rpm
b5b4cf59932bd01169f1d76e90be2201 2007.0/x86_64/evolution-devel-2.8.0-1.1mdv2007.0.x86_64.rpm
f382c0033a4ff0f9c3e48235dbf712f8 2007.0/x86_64/evolution-mono-2.8.0-1.1mdv2007.0.x86_64.rpm
737c4f2a2708d06d1dbf7a2379eb56f8 2007.0/x86_64/evolution-pilot-2.8.0-1.1mdv2007.0.x86_64.rpm
4012d73f8f6c7fc1ddb5eb326cad2c7a 2007.0/SRPMS/evolution-2.8.0-1.1mdv2007.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGCQmRmqjQ0CJFipgRAuQOAJ9ff46OmdV//gV9Qfu2Q76qZsRkygCgzHrw
RySRUTo4vymnxdlcLkTwqVU=
=j0iK
-----END PGP SIGNATURE-----