Red Hat Product Errata RHSA-2008:0178 - Security Advisory

Issued:: 2008-03-05
Updated:: 2008-03-05

RHSA-2008:0178 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: evolution security update

Type/Severity

Security Advisory: Critical

Topic

Updated evolution packages that fix a format string bug are now available
for Red Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

Evolution is the GNOME collection of personal information management (PIM)
tools.

A format string flaw was found in the way Evolution displayed encrypted
mail content. If a user opened a carefully crafted mail message, arbitrary
code could be executed as the user running Evolution. (CVE-2008-0072)

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.

Red Hat would like to thank Ulf Harnhammar of Secunia Research for finding
and reporting this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server - Extended Update Support 4.5 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 i386
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

BZ - 435759 - CVE-2008-0072 Evolution format string flaw

CVEs

CVE-2008-0072

References

http://www.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Update Support 4.5

SRPM
evolution-2.0.2-35.0.4.el4_5.1.src.rpm	SHA-256: 413e898a0bd67d8c5a8c4e68bf3548535cb63266a522b4c4cf080ecd78a3594a
x86_64
evolution-2.0.2-35.0.4.el4_5.1.x86_64.rpm	SHA-256: a0fb47e020bd61536e851f54dcb3bb22ea85eaf10067700d10cd39ca048ab2a7
evolution-2.0.2-35.0.4.el4_5.1.x86_64.rpm	SHA-256: a0fb47e020bd61536e851f54dcb3bb22ea85eaf10067700d10cd39ca048ab2a7
evolution-devel-2.0.2-35.0.4.el4_5.1.x86_64.rpm	SHA-256: c861c936ce3737998f6c4d58e495749a974a579232f65d04a047c753a36800b9
evolution-devel-2.0.2-35.0.4.el4_5.1.x86_64.rpm	SHA-256: c861c936ce3737998f6c4d58e495749a974a579232f65d04a047c753a36800b9
ia64
evolution-2.0.2-35.0.4.el4_5.1.ia64.rpm	SHA-256: b450bacadb243a7b8ec3c91ffe1399648acbfa0a25168889fb1246f3f7740609
evolution-2.0.2-35.0.4.el4_5.1.ia64.rpm	SHA-256: b450bacadb243a7b8ec3c91ffe1399648acbfa0a25168889fb1246f3f7740609
evolution-devel-2.0.2-35.0.4.el4_5.1.ia64.rpm	SHA-256: 337c7b87317f38241a9c9900f7624d68b346f75ff39e6505c6b7bf53d6ef51e6
evolution-devel-2.0.2-35.0.4.el4_5.1.ia64.rpm	SHA-256: 337c7b87317f38241a9c9900f7624d68b346f75ff39e6505c6b7bf53d6ef51e6
i386
evolution-2.0.2-35.0.4.el4_5.1.i386.rpm	SHA-256: c0a11153635e04890b4940ba8f81f9f8e2c02544f4eb56d8896d56a0fa7bf13c
evolution-2.0.2-35.0.4.el4_5.1.i386.rpm	SHA-256: c0a11153635e04890b4940ba8f81f9f8e2c02544f4eb56d8896d56a0fa7bf13c
evolution-devel-2.0.2-35.0.4.el4_5.1.i386.rpm	SHA-256: d3b84e321adc32cab0376d1fd2ed6ad9d3c8da16874dc1e50550be5949165e50
evolution-devel-2.0.2-35.0.4.el4_5.1.i386.rpm	SHA-256: d3b84e321adc32cab0376d1fd2ed6ad9d3c8da16874dc1e50550be5949165e50

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
evolution-2.0.2-35.0.4.el4_5.1.src.rpm	SHA-256: 413e898a0bd67d8c5a8c4e68bf3548535cb63266a522b4c4cf080ecd78a3594a
s390x
evolution-2.0.2-35.0.4.el4_5.1.s390x.rpm	SHA-256: 32d49e50b41f51ed6e3e5169cce3b7a317f2a1efc375bac25e08dd21550759c4
evolution-devel-2.0.2-35.0.4.el4_5.1.s390x.rpm	SHA-256: da993efef14da2928a83497d80d1f6d8fa2b053bc5f828bd258a642984aa0510
s390
evolution-2.0.2-35.0.4.el4_5.1.s390.rpm	SHA-256: 51b59294cad5fdd792ec4c1d0150eef99bfa34ffc6d9050f9f14aab971ee71e8
evolution-devel-2.0.2-35.0.4.el4_5.1.s390.rpm	SHA-256: 972e4a1c7310b802d2bd502af4b516fb3a9c168f7a78a8f7f2a81db6705561e3

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
evolution-2.0.2-35.0.4.el4_5.1.src.rpm	SHA-256: 413e898a0bd67d8c5a8c4e68bf3548535cb63266a522b4c4cf080ecd78a3594a
ppc
evolution-2.0.2-35.0.4.el4_5.1.ppc.rpm	SHA-256: 0914012e16b6632612446505e494c8133962565052518893f9f5cb14f788c408
evolution-devel-2.0.2-35.0.4.el4_5.1.ppc.rpm	SHA-256: 801543ef92291c1bbcbb1bc91398d929626987d7c8535f8cabe6458f10930bb8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories