Synopsis

Critical: evolution security update

Type/Severity

Security Advisory: Critical

Topic

Updated evolution packages that address a buffer overflow vulnerability are
now available for Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.

A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If mail which included a carefully crafted iCalendar attachment was
opened, arbitrary code could be executed as the user running Evolution.
(CVE-2008-1108)

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.

All users of Evolution should upgrade to these updated packages, which
contains a backported patch which resolves this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

• Red Hat Enterprise Linux Server 4 x86_64
• Red Hat Enterprise Linux Server 4 ia64
• Red Hat Enterprise Linux Server 4 i386
• Red Hat Enterprise Linux Server 3 x86_64
• Red Hat Enterprise Linux Server 3 ia64
• Red Hat Enterprise Linux Server 3 i386
• Red Hat Enterprise Linux Server - Extended Update Support 4.6 x86_64
• Red Hat Enterprise Linux Server - Extended Update Support 4.6 ia64
• Red Hat Enterprise Linux Server - Extended Update Support 4.6 i386
• Red Hat Enterprise Linux Workstation 4 x86_64
• Red Hat Enterprise Linux Workstation 4 ia64
• Red Hat Enterprise Linux Workstation 4 i386
• Red Hat Enterprise Linux Workstation 3 x86_64
• Red Hat Enterprise Linux Workstation 3 ia64
• Red Hat Enterprise Linux Workstation 3 i386
• Red Hat Enterprise Linux Desktop 4 x86_64
• Red Hat Enterprise Linux Desktop 4 i386
• Red Hat Enterprise Linux Desktop 3 x86_64
• Red Hat Enterprise Linux Desktop 3 i386
• Red Hat Enterprise Linux for IBM z Systems 4 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390
• Red Hat Enterprise Linux for IBM z Systems 3 s390x
• Red Hat Enterprise Linux for IBM z Systems 3 s390
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390
• Red Hat Enterprise Linux for Power, big endian 4 ppc
• Red Hat Enterprise Linux for Power, big endian 3 ppc
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6 ppc

Fixes

• BZ - 448540 - CVE-2008-1108 evolution: iCalendar buffer overflow via large timezone specification

CVEs

• CVE-2008-1108

References

• http://www.redhat.com/security/updates/classification/#critical

Red Hat Enterprise Linux Server 4

SRPM
evolution-2.0.2-35.0.4.el4_6.2.src.rpm	SHA-256: 8696ba6ad9e076c6114bce92a4dec7e230190579c0a724a13c4eacb583ca1b05
x86_64
evolution-2.0.2-35.0.4.el4_6.2.x86_64.rpm	SHA-256: 5df1e960dbdca3a06845d40652eda64958946740dd7b3303e3439e4401b69a90
evolution-2.0.2-35.0.4.el4_6.2.x86_64.rpm	SHA-256: 5df1e960dbdca3a06845d40652eda64958946740dd7b3303e3439e4401b69a90
evolution-devel-2.0.2-35.0.4.el4_6.2.x86_64.rpm	SHA-256: b8ee06cadceef8e47b806e77f6be01c72de4bdec29ae5242cf6ef4a84ca2fc9e
evolution-devel-2.0.2-35.0.4.el4_6.2.x86_64.rpm	SHA-256: b8ee06cadceef8e47b806e77f6be01c72de4bdec29ae5242cf6ef4a84ca2fc9e
ia64
evolution-2.0.2-35.0.4.el4_6.2.ia64.rpm	SHA-256: d60eaced3f65be7b508f79886ff2c6fb02915b86fb655ee86b151d7409194444
evolution-2.0.2-35.0.4.el4_6.2.ia64.rpm	SHA-256: d60eaced3f65be7b508f79886ff2c6fb02915b86fb655ee86b151d7409194444
evolution-devel-2.0.2-35.0.4.el4_6.2.ia64.rpm	SHA-256: 0a8a5a1413f18736b33046bfca254c9eef486a7626eda6fb5951dd5e571d11c9
evolution-devel-2.0.2-35.0.4.el4_6.2.ia64.rpm	SHA-256: 0a8a5a1413f18736b33046bfca254c9eef486a7626eda6fb5951dd5e571d11c9
i386
evolution-2.0.2-35.0.4.el4_6.2.i386.rpm	SHA-256: 590676b18420791d8b9a6c3941487e97fa96a844cda38d4f021cfc9ae9b826e7
evolution-2.0.2-35.0.4.el4_6.2.i386.rpm	SHA-256: 590676b18420791d8b9a6c3941487e97fa96a844cda38d4f021cfc9ae9b826e7
evolution-devel-2.0.2-35.0.4.el4_6.2.i386.rpm	SHA-256: 45a7cfcf44a5123531263e14312220f0446e5602bd2b2db7c152dcb8e657a81e
evolution-devel-2.0.2-35.0.4.el4_6.2.i386.rpm	SHA-256: 45a7cfcf44a5123531263e14312220f0446e5602bd2b2db7c152dcb8e657a81e

Red Hat Enterprise Linux Server - Extended Update Support 4.6

SRPM
evolution-2.0.2-35.0.4.el4_6.2.src.rpm	SHA-256: 8696ba6ad9e076c6114bce92a4dec7e230190579c0a724a13c4eacb583ca1b05
x86_64
evolution-2.0.2-35.0.4.el4_6.2.x86_64.rpm	SHA-256: 5df1e960dbdca3a06845d40652eda64958946740dd7b3303e3439e4401b69a90
evolution-2.0.2-35.0.4.el4_6.2.x86_64.rpm	SHA-256: 5df1e960dbdca3a06845d40652eda64958946740dd7b3303e3439e4401b69a90
evolution-devel-2.0.2-35.0.4.el4_6.2.x86_64.rpm	SHA-256: b8ee06cadceef8e47b806e77f6be01c72de4bdec29ae5242cf6ef4a84ca2fc9e
evolution-devel-2.0.2-35.0.4.el4_6.2.x86_64.rpm	SHA-256: b8ee06cadceef8e47b806e77f6be01c72de4bdec29ae5242cf6ef4a84ca2fc9e
ia64
evolution-2.0.2-35.0.4.el4_6.2.ia64.rpm	SHA-256: d60eaced3f65be7b508f79886ff2c6fb02915b86fb655ee86b151d7409194444
evolution-2.0.2-35.0.4.el4_6.2.ia64.rpm	SHA-256: d60eaced3f65be7b508f79886ff2c6fb02915b86fb655ee86b151d7409194444
evolution-devel-2.0.2-35.0.4.el4_6.2.ia64.rpm	SHA-256: 0a8a5a1413f18736b33046bfca254c9eef486a7626eda6fb5951dd5e571d11c9
evolution-devel-2.0.2-35.0.4.el4_6.2.ia64.rpm	SHA-256: 0a8a5a1413f18736b33046bfca254c9eef486a7626eda6fb5951dd5e571d11c9
i386
evolution-2.0.2-35.0.4.el4_6.2.i386.rpm	SHA-256: 590676b18420791d8b9a6c3941487e97fa96a844cda38d4f021cfc9ae9b826e7
evolution-2.0.2-35.0.4.el4_6.2.i386.rpm	SHA-256: 590676b18420791d8b9a6c3941487e97fa96a844cda38d4f021cfc9ae9b826e7
evolution-devel-2.0.2-35.0.4.el4_6.2.i386.rpm	SHA-256: 45a7cfcf44a5123531263e14312220f0446e5602bd2b2db7c152dcb8e657a81e
evolution-devel-2.0.2-35.0.4.el4_6.2.i386.rpm	SHA-256: 45a7cfcf44a5123531263e14312220f0446e5602bd2b2db7c152dcb8e657a81e

Red Hat Enterprise Linux Workstation 4

SRPM
evolution-2.0.2-35.0.4.el4_6.2.src.rpm	SHA-256: 8696ba6ad9e076c6114bce92a4dec7e230190579c0a724a13c4eacb583ca1b05
x86_64
evolution-2.0.2-35.0.4.el4_6.2.x86_64.rpm	SHA-256: 5df1e960dbdca3a06845d40652eda64958946740dd7b3303e3439e4401b69a90
evolution-devel-2.0.2-35.0.4.el4_6.2.x86_64.rpm	SHA-256: b8ee06cadceef8e47b806e77f6be01c72de4bdec29ae5242cf6ef4a84ca2fc9e
ia64
evolution-2.0.2-35.0.4.el4_6.2.ia64.rpm	SHA-256: d60eaced3f65be7b508f79886ff2c6fb02915b86fb655ee86b151d7409194444
evolution-devel-2.0.2-35.0.4.el4_6.2.ia64.rpm	SHA-256: 0a8a5a1413f18736b33046bfca254c9eef486a7626eda6fb5951dd5e571d11c9
i386
evolution-2.0.2-35.0.4.el4_6.2.i386.rpm	SHA-256: 590676b18420791d8b9a6c3941487e97fa96a844cda38d4f021cfc9ae9b826e7
evolution-devel-2.0.2-35.0.4.el4_6.2.i386.rpm	SHA-256: 45a7cfcf44a5123531263e14312220f0446e5602bd2b2db7c152dcb8e657a81e

Red Hat Enterprise Linux Desktop 4

SRPM
evolution-2.0.2-35.0.4.el4_6.2.src.rpm	SHA-256: 8696ba6ad9e076c6114bce92a4dec7e230190579c0a724a13c4eacb583ca1b05
x86_64
evolution-2.0.2-35.0.4.el4_6.2.x86_64.rpm	SHA-256: 5df1e960dbdca3a06845d40652eda64958946740dd7b3303e3439e4401b69a90
evolution-devel-2.0.2-35.0.4.el4_6.2.x86_64.rpm	SHA-256: b8ee06cadceef8e47b806e77f6be01c72de4bdec29ae5242cf6ef4a84ca2fc9e
i386
evolution-2.0.2-35.0.4.el4_6.2.i386.rpm	SHA-256: 590676b18420791d8b9a6c3941487e97fa96a844cda38d4f021cfc9ae9b826e7
evolution-devel-2.0.2-35.0.4.el4_6.2.i386.rpm	SHA-256: 45a7cfcf44a5123531263e14312220f0446e5602bd2b2db7c152dcb8e657a81e

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
evolution-2.0.2-35.0.4.el4_6.2.src.rpm	SHA-256: 8696ba6ad9e076c6114bce92a4dec7e230190579c0a724a13c4eacb583ca1b05
s390x
evolution-2.0.2-35.0.4.el4_6.2.s390x.rpm	SHA-256: 468026344cf4eb206d5d35fd8807838a333fee91c42b2689992062e0ac2e9f90
evolution-devel-2.0.2-35.0.4.el4_6.2.s390x.rpm	SHA-256: f0279c39175384e215775fb9c2fc9fdd7b2b54b4db91c51998ace2d7ce2c01a7
s390
evolution-2.0.2-35.0.4.el4_6.2.s390.rpm	SHA-256: 14baea97ce6ff0f6cd0613e461126ccaab257a23dab127bca0105bbcf6af85ee
evolution-devel-2.0.2-35.0.4.el4_6.2.s390.rpm	SHA-256: 6c4eca41de27d2881c01d490add6c040aa86a8a4ddaecad107c5e07365280c69

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6

SRPM
evolution-2.0.2-35.0.4.el4_6.2.src.rpm	SHA-256: 8696ba6ad9e076c6114bce92a4dec7e230190579c0a724a13c4eacb583ca1b05
s390x
evolution-2.0.2-35.0.4.el4_6.2.s390x.rpm	SHA-256: 468026344cf4eb206d5d35fd8807838a333fee91c42b2689992062e0ac2e9f90
evolution-devel-2.0.2-35.0.4.el4_6.2.s390x.rpm	SHA-256: f0279c39175384e215775fb9c2fc9fdd7b2b54b4db91c51998ace2d7ce2c01a7
s390
evolution-2.0.2-35.0.4.el4_6.2.s390.rpm	SHA-256: 14baea97ce6ff0f6cd0613e461126ccaab257a23dab127bca0105bbcf6af85ee
evolution-devel-2.0.2-35.0.4.el4_6.2.s390.rpm	SHA-256: 6c4eca41de27d2881c01d490add6c040aa86a8a4ddaecad107c5e07365280c69

Red Hat Enterprise Linux for Power, big endian 4

SRPM
evolution-2.0.2-35.0.4.el4_6.2.src.rpm	SHA-256: 8696ba6ad9e076c6114bce92a4dec7e230190579c0a724a13c4eacb583ca1b05
ppc
evolution-2.0.2-35.0.4.el4_6.2.ppc.rpm	SHA-256: 1e9651daecdfe723051afb4aa799c2c9dfb8408beb2d348d8a1f3bc6852004ed
evolution-devel-2.0.2-35.0.4.el4_6.2.ppc.rpm	SHA-256: dccd9f41202ac826c4d280d19a376fdb2af3b734cf6185a48b3a665d278992a3

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6

SRPM
evolution-2.0.2-35.0.4.el4_6.2.src.rpm	SHA-256: 8696ba6ad9e076c6114bce92a4dec7e230190579c0a724a13c4eacb583ca1b05
ppc
evolution-2.0.2-35.0.4.el4_6.2.ppc.rpm	SHA-256: 1e9651daecdfe723051afb4aa799c2c9dfb8408beb2d348d8a1f3bc6852004ed
evolution-devel-2.0.2-35.0.4.el4_6.2.ppc.rpm	SHA-256: dccd9f41202ac826c4d280d19a376fdb2af3b734cf6185a48b3a665d278992a3