Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: evolution (200303-18)
Date: Fri, 21 Mar 2003 16:05:02
Message-Id: 20030321160213.D292C338BF@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - ---------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200303-18
6 - - ---------------------------------------------------------------------
7
8 PACKAGE : evolution
9 SUMMARY : multiple vulnerabilities
10 DATE : 2003-03-21 16:02 UTC
11 EXPLOIT : remote
12 VERSIONS AFFECTED : <1.2.3
13 FIXED VERSION : >=1.2.3
14 CVE : CAN-2003-0128 CAN-2003-0129 CAN-2003-0130
15
16 - - ---------------------------------------------------------------------
17
18 - From advisory:
19
20 "Three vulnerabilities were found that could lead to various forms of
21 exploitation ranging from denying to users the ability to read email,
22 provoke system unstability, bypassing security context checks for
23 email content and possibly execution of arbitrary commands on
24 vulnerable systems."
25
26 Read the full advisory at:
27 http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
28
29 SOLUTION
30
31 It is recommended that all Gentoo Linux users who are running
32 net-mail/evolution upgrade to evolution-1.2.3 as follows:
33
34 emerge sync
35 emerge evolution
36 emerge clean
37
38 - - ---------------------------------------------------------------------
39 aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
40 - - ---------------------------------------------------------------------
41 -----BEGIN PGP SIGNATURE-----
42 Version: GnuPG v1.2.1 (GNU/Linux)
43
44 iD8DBQE+ezeDfT7nyhUpoZMRAqgFAKCMJiPWrcXzncBhgk1/lQ6F1qvdPwCff0L8
45 puU/UmXZptBvDuVLe66YBNg=
46 =7I0C
47 -----END PGP SIGNATURE-----