[Full-Disclosure] GLSA: evolution (200303-18)

From: Daniel Ahlberg (aliz@gentoo.org)
Date: 03/21/03

    From: Daniel Ahlberg <aliz@gentoo.org>
    To: full-disclosure@lists.netsys.com
    Date: Fri, 21 Mar 2003 17:02:16 +0100
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - - ---------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT 200303-18
    - - ---------------------------------------------------------------------

              PACKAGE : evolution
              SUMMARY : multiple vulnerabilities
                 DATE : 2003-03-21 16:02 UTC
              EXPLOIT : remote
    VERSIONS AFFECTED : <1.2.3
        FIXED VERSION : >=1.2.3
                  CVE : CAN-2003-0128 CAN-2003-0129 CAN-2003-0130

    - - ---------------------------------------------------------------------

    - From advisory:

    "Three vulnerabilities were found that could lead to various forms of
    exploitation ranging from denying to users the ability to read email,
    provoke system instability, bypassing security context checks for
    email content and possibly execution of arbitrary commands on
    vulnerable systems."

    Read the full advisory at:
    http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10

    SOLUTION

    It is recommended that all Gentoo Linux users who are running
    net-mail/evolution upgrade to evolution-1.2.3 as follows:

    emerge sync
    emerge evolution
    emerge clean

    - - ---------------------------------------------------------------------
    aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
    - - ---------------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iD8DBQE+ezeDfT7nyhUpoZMRAqgFAKCMJiPWrcXzncBhgk1/lQ6F1qvdPwCff0L8
    puU/UmXZptBvDuVLe66YBNg=
    =7I0C
    -----END PGP SIGNATURE-----
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

