Synopsis

Important: evolution security update

Type/Severity

Security Advisory: Important

Topic

Updated evolution packages that fix a security bug are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

Evolution is the GNOME collection of personal information management (PIM)
tools.

A flaw was found in the way Evolution processes certain IMAP server
messages. If a user can be tricked into connecting to a malicious IMAP
server it may be possible to execute arbitrary code as the user running
evolution. (CVE-2007-3257)

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

• Red Hat Enterprise Linux Server 4 x86_64
• Red Hat Enterprise Linux Server 4 ia64
• Red Hat Enterprise Linux Server 4 i386
• Red Hat Enterprise Linux Server 3 x86_64
• Red Hat Enterprise Linux Server 3 ia64
• Red Hat Enterprise Linux Server 3 i386
• Red Hat Enterprise Linux Server - Extended Update Support 4.5 x86_64
• Red Hat Enterprise Linux Server - Extended Update Support 4.5 ia64
• Red Hat Enterprise Linux Server - Extended Update Support 4.5 i386
• Red Hat Enterprise Linux Workstation 4 x86_64
• Red Hat Enterprise Linux Workstation 4 ia64
• Red Hat Enterprise Linux Workstation 4 i386
• Red Hat Enterprise Linux Workstation 3 x86_64
• Red Hat Enterprise Linux Workstation 3 ia64
• Red Hat Enterprise Linux Workstation 3 i386
• Red Hat Enterprise Linux Desktop 4 x86_64
• Red Hat Enterprise Linux Desktop 4 i386
• Red Hat Enterprise Linux Desktop 3 x86_64
• Red Hat Enterprise Linux Desktop 3 i386
• Red Hat Enterprise Linux for IBM z Systems 4 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390
• Red Hat Enterprise Linux for IBM z Systems 3 s390x
• Red Hat Enterprise Linux for IBM z Systems 3 s390
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
• Red Hat Enterprise Linux for Power, big endian 4 ppc
• Red Hat Enterprise Linux for Power, big endian 3 ppc
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

• BZ - 244277 - CVE-2007-3257 evolution malicious server arbitrary code execution

CVEs

• CVE-2007-3257

References

• http://www.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux Server 4

SRPM
evolution-2.0.2-35.0.4.el4.src.rpm	SHA-256: 268dee28858e7ef20e7e1a8ba0b2cb0c2afca217fb6441c2adefdf56f8a75b67
x86_64
evolution-2.0.2-35.0.4.el4.x86_64.rpm	SHA-256: 137423296000ee66b24257e6a2863a6189f8a0d01d1a3aa6c34e91588ba08123
evolution-2.0.2-35.0.4.el4.x86_64.rpm	SHA-256: 137423296000ee66b24257e6a2863a6189f8a0d01d1a3aa6c34e91588ba08123
evolution-devel-2.0.2-35.0.4.el4.x86_64.rpm	SHA-256: 0332b87479a4baf2784e96ead5611bfcbded5c92b29fa0698bc3e57a4536a162
evolution-devel-2.0.2-35.0.4.el4.x86_64.rpm	SHA-256: 0332b87479a4baf2784e96ead5611bfcbded5c92b29fa0698bc3e57a4536a162
ia64
evolution-2.0.2-35.0.4.el4.ia64.rpm	SHA-256: 8f9e7e5e560f47c28f1bf57ad5a2f4a95d6330a62f4c58c5b5da3610ab6a5e7b
evolution-2.0.2-35.0.4.el4.ia64.rpm	SHA-256: 8f9e7e5e560f47c28f1bf57ad5a2f4a95d6330a62f4c58c5b5da3610ab6a5e7b
evolution-devel-2.0.2-35.0.4.el4.ia64.rpm	SHA-256: b775a3b973a770f124b8979af1b66bc29e694c4eb2932e204d880c424cd9fc82
evolution-devel-2.0.2-35.0.4.el4.ia64.rpm	SHA-256: b775a3b973a770f124b8979af1b66bc29e694c4eb2932e204d880c424cd9fc82
i386
evolution-2.0.2-35.0.4.el4.i386.rpm	SHA-256: fbd756a80d7001cd7f38ac27f2077b36d14412b5a7701ada516491a44015a809
evolution-2.0.2-35.0.4.el4.i386.rpm	SHA-256: fbd756a80d7001cd7f38ac27f2077b36d14412b5a7701ada516491a44015a809
evolution-devel-2.0.2-35.0.4.el4.i386.rpm	SHA-256: 900883028a84989465ea6c3eeaa5f7648b372cbd83ebdc8788e2f2a89e280482
evolution-devel-2.0.2-35.0.4.el4.i386.rpm	SHA-256: 900883028a84989465ea6c3eeaa5f7648b372cbd83ebdc8788e2f2a89e280482

Red Hat Enterprise Linux Server - Extended Update Support 4.5

SRPM
evolution-2.0.2-35.0.4.el4.src.rpm	SHA-256: 268dee28858e7ef20e7e1a8ba0b2cb0c2afca217fb6441c2adefdf56f8a75b67
x86_64
evolution-2.0.2-35.0.4.el4.x86_64.rpm	SHA-256: 137423296000ee66b24257e6a2863a6189f8a0d01d1a3aa6c34e91588ba08123
evolution-2.0.2-35.0.4.el4.x86_64.rpm	SHA-256: 137423296000ee66b24257e6a2863a6189f8a0d01d1a3aa6c34e91588ba08123
evolution-devel-2.0.2-35.0.4.el4.x86_64.rpm	SHA-256: 0332b87479a4baf2784e96ead5611bfcbded5c92b29fa0698bc3e57a4536a162
evolution-devel-2.0.2-35.0.4.el4.x86_64.rpm	SHA-256: 0332b87479a4baf2784e96ead5611bfcbded5c92b29fa0698bc3e57a4536a162
ia64
evolution-2.0.2-35.0.4.el4.ia64.rpm	SHA-256: 8f9e7e5e560f47c28f1bf57ad5a2f4a95d6330a62f4c58c5b5da3610ab6a5e7b
evolution-2.0.2-35.0.4.el4.ia64.rpm	SHA-256: 8f9e7e5e560f47c28f1bf57ad5a2f4a95d6330a62f4c58c5b5da3610ab6a5e7b
evolution-devel-2.0.2-35.0.4.el4.ia64.rpm	SHA-256: b775a3b973a770f124b8979af1b66bc29e694c4eb2932e204d880c424cd9fc82
evolution-devel-2.0.2-35.0.4.el4.ia64.rpm	SHA-256: b775a3b973a770f124b8979af1b66bc29e694c4eb2932e204d880c424cd9fc82
i386
evolution-2.0.2-35.0.4.el4.i386.rpm	SHA-256: fbd756a80d7001cd7f38ac27f2077b36d14412b5a7701ada516491a44015a809
evolution-2.0.2-35.0.4.el4.i386.rpm	SHA-256: fbd756a80d7001cd7f38ac27f2077b36d14412b5a7701ada516491a44015a809
evolution-devel-2.0.2-35.0.4.el4.i386.rpm	SHA-256: 900883028a84989465ea6c3eeaa5f7648b372cbd83ebdc8788e2f2a89e280482
evolution-devel-2.0.2-35.0.4.el4.i386.rpm	SHA-256: 900883028a84989465ea6c3eeaa5f7648b372cbd83ebdc8788e2f2a89e280482

Red Hat Enterprise Linux Workstation 4

SRPM
evolution-2.0.2-35.0.4.el4.src.rpm	SHA-256: 268dee28858e7ef20e7e1a8ba0b2cb0c2afca217fb6441c2adefdf56f8a75b67
x86_64
evolution-2.0.2-35.0.4.el4.x86_64.rpm	SHA-256: 137423296000ee66b24257e6a2863a6189f8a0d01d1a3aa6c34e91588ba08123
evolution-devel-2.0.2-35.0.4.el4.x86_64.rpm	SHA-256: 0332b87479a4baf2784e96ead5611bfcbded5c92b29fa0698bc3e57a4536a162
ia64
evolution-2.0.2-35.0.4.el4.ia64.rpm	SHA-256: 8f9e7e5e560f47c28f1bf57ad5a2f4a95d6330a62f4c58c5b5da3610ab6a5e7b
evolution-devel-2.0.2-35.0.4.el4.ia64.rpm	SHA-256: b775a3b973a770f124b8979af1b66bc29e694c4eb2932e204d880c424cd9fc82
i386
evolution-2.0.2-35.0.4.el4.i386.rpm	SHA-256: fbd756a80d7001cd7f38ac27f2077b36d14412b5a7701ada516491a44015a809
evolution-devel-2.0.2-35.0.4.el4.i386.rpm	SHA-256: 900883028a84989465ea6c3eeaa5f7648b372cbd83ebdc8788e2f2a89e280482

Red Hat Enterprise Linux Desktop 4

SRPM
evolution-2.0.2-35.0.4.el4.src.rpm	SHA-256: 268dee28858e7ef20e7e1a8ba0b2cb0c2afca217fb6441c2adefdf56f8a75b67
x86_64
evolution-2.0.2-35.0.4.el4.x86_64.rpm	SHA-256: 137423296000ee66b24257e6a2863a6189f8a0d01d1a3aa6c34e91588ba08123
evolution-devel-2.0.2-35.0.4.el4.x86_64.rpm	SHA-256: 0332b87479a4baf2784e96ead5611bfcbded5c92b29fa0698bc3e57a4536a162
i386
evolution-2.0.2-35.0.4.el4.i386.rpm	SHA-256: fbd756a80d7001cd7f38ac27f2077b36d14412b5a7701ada516491a44015a809
evolution-devel-2.0.2-35.0.4.el4.i386.rpm	SHA-256: 900883028a84989465ea6c3eeaa5f7648b372cbd83ebdc8788e2f2a89e280482

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
evolution-2.0.2-35.0.4.el4.src.rpm	SHA-256: 268dee28858e7ef20e7e1a8ba0b2cb0c2afca217fb6441c2adefdf56f8a75b67
s390x
evolution-2.0.2-35.0.4.el4.s390x.rpm	SHA-256: ce095c3782e998be462ac198775cc52644b3205826f9e75164bd4bbb3764dff6
evolution-devel-2.0.2-35.0.4.el4.s390x.rpm	SHA-256: b96f84d9d8cda05843ba6503f7361c4375f014e7a589ac2448703dd98b1d3850
s390
evolution-2.0.2-35.0.4.el4.s390.rpm	SHA-256: 1ada66a958be8d12b9f0894f9019ed4dd33aa6c98e56f75397b980a2cf621e74
evolution-devel-2.0.2-35.0.4.el4.s390.rpm	SHA-256: 3a3abc8329db4ac5de0e06c35adf4f830dfe1467fe6262eb635078e9856ff2c1

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
evolution-2.0.2-35.0.4.el4.src.rpm	SHA-256: 268dee28858e7ef20e7e1a8ba0b2cb0c2afca217fb6441c2adefdf56f8a75b67
s390x
evolution-2.0.2-35.0.4.el4.s390x.rpm	SHA-256: ce095c3782e998be462ac198775cc52644b3205826f9e75164bd4bbb3764dff6
evolution-devel-2.0.2-35.0.4.el4.s390x.rpm	SHA-256: b96f84d9d8cda05843ba6503f7361c4375f014e7a589ac2448703dd98b1d3850
s390
evolution-2.0.2-35.0.4.el4.s390.rpm	SHA-256: 1ada66a958be8d12b9f0894f9019ed4dd33aa6c98e56f75397b980a2cf621e74
evolution-devel-2.0.2-35.0.4.el4.s390.rpm	SHA-256: 3a3abc8329db4ac5de0e06c35adf4f830dfe1467fe6262eb635078e9856ff2c1

Red Hat Enterprise Linux for Power, big endian 4

SRPM
evolution-2.0.2-35.0.4.el4.src.rpm	SHA-256: 268dee28858e7ef20e7e1a8ba0b2cb0c2afca217fb6441c2adefdf56f8a75b67
ppc
evolution-2.0.2-35.0.4.el4.ppc.rpm	SHA-256: 4075b749a1d765c6fa129ba4a0c59a84b6d7410f9d02d2ba78debf3e9b6b7409
evolution-devel-2.0.2-35.0.4.el4.ppc.rpm	SHA-256: c609d77c3238ae6ebe10cdf8687a5a7f58d1bcf8b8bf3b94e6205c4cb42a7733

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
evolution-2.0.2-35.0.4.el4.src.rpm	SHA-256: 268dee28858e7ef20e7e1a8ba0b2cb0c2afca217fb6441c2adefdf56f8a75b67
ppc
evolution-2.0.2-35.0.4.el4.ppc.rpm	SHA-256: 4075b749a1d765c6fa129ba4a0c59a84b6d7410f9d02d2ba78debf3e9b6b7409
evolution-devel-2.0.2-35.0.4.el4.ppc.rpm	SHA-256: c609d77c3238ae6ebe10cdf8687a5a7f58d1bcf8b8bf3b94e6205c4cb42a7733