Multiple buffer overflows have been fixed in Evolution. A buffer overflow in Evolution, when the ITip Formatter plugin is disabled, allows remote attackers potentially to execute arbitrary code via a long timezone string in an iCalendar attachment. A heap-based buffer overflow in Evolution allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window). Fixed packages are available from ftp.suse.com. Links: ftp.suse.com
Evolution is the integrated collection of e-mail, calendaring, contact management, communications and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If mail which included a carefully crafted iCalendar attachment was opened, arbitrary code could be executed as the user running Evolution. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Evolution is the integrated collection of e-mail, calendaring, contact management, communications and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. A heap-based buffer overflow flaw was found in the way Evolution parsed iCalendar attachments with an overly long "DESCRIPTION" property string. If a user responded to a carefully crafted iCalendar attachment in a particular way, arbitrary code could be executed as the user running Evolution. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Ulf Härnhammar discovered that Evolution, the e-mail and groupware suite, had a format string vulnerability in the parsing of encrypted mail messages. If the user opened a specially crafted email message, code execution was possible. Fixed packages are available from security.debian.org. Links: security.debian.org
Evolution is a personal information manager (PIM) and workgroup information management software. The function emf_multipart_encrypted() that is used to process encrypted messages is vulnerable to format-string bugs. This bug can be abused by a remote attacker to execute arbitrary code by sending a crafted encrypted e-mail. Fixed packages are available from ftp.suse.com. Links: ftp.suse.com
Evolution is the GNOME collection of personal information management (PIM) tools. A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
A malicious IMAP server could execute code within Evolution by sending a malformed response to a SEQUENCE command. This requires the user to connect to this malicious server (or the DNS entry of a legitimate server to have been replaced with one pointing to a malicious server). Fixed packages are available from ftp.suse.com. Links: ftp.suse.com
Several remote vulnerabilities have been discovered in Evolution, a groupware suite with mail client and organizer. Ulf Härnhammar discovered that a format string vulnerability in the handling of shared calendars may allow the execution of arbitrary code. It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used as an array index, which can lead to the execution of arbitrary code. Fixed packages are available from security.debian.org. Links: security.debian.org
Evolution is the GNOME collection of personal information management (PIM) tools. A flaw was found in the way Evolution processed certain APOP authentication requests. A remote attacker could potentially acquire certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Evolution is the GNOME collection of personal information management (PIM) tools. A format string bug was found in the way Evolution parsed the category field in a memo. If a user tried to save and then view a carefully crafted memo, arbitrary code may be executed as the user running Evolution. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Ulf Härnhammar discovered several format string vulnerabilities in Evolution, a free groupware suite, that could lead to crashes of the application or the execution of arbitrary code. Fixed packages are available from security.debian.org. Links: security.debian.org
Evolution is the GNOME collection of personal information management (PIM) tools. A format string bug was found in Evolution. If a user tries to save a carefully crafted meeting or appointment, arbitrary code may be executed as the user running Evolution. Additionally, several other format string bugs were found in Evolution. If a user views a malicious vCard, connects to a malicious LDAP server, or displays a task list from a malicious remote server, arbitrary code may be executed as the user running Evolution. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Evolution is the GNOME collection of personal information management (PIM) tools. Evolution includes a mailer, calendar, contact manager, and communication facility. The tools which make up Evolution are tightly integrated with one another and act as a seamless personal information management tool. A bug was found in Evolution's helper program camel-lock-helper. This bug could allow a local attacker to gain root privileges if camel-lock-helper has been built to execute with elevated privileges. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Evolution is a GNOME-based collection of personal information management (PIM) tools. A bug was found in the way Evolution displays mail messages. It is possible that an attacker could create a specially crafted mail message that when opened by a victim causes Evolution to stop responding. A bug was also found in Evolution's helper program camel-lock-helper. This bug could allow a local attacker to gain root privileges if camel-lock-helper has been built to execute with elevated privileges. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Max Vozeler discovered an integer overflow in a helper application inside of Evolution, a free groupware suite. A local attacker could cause the setuid root helper to execute arbitrary code with elevated privileges. Fixed packages are available from security.debian.org. Links: security.debian.org
The history of software development is full of controversies. One of the oldest is the controversy about modular vs. monolithic software development.
Evolution is a GNOME-based collection of personal information management (PIM) tools. Multiple vulnerabilities have been found in the Ximian Evolution email client. These vulnerabilities make it possible for a carefully crafted email to crash the program, cause general system instability through resource starvation and get around security measures implemented within the program. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com