lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20080305144346.7E8DC326C4B@morgana.loeki.tv>
Date: Wed,  5 Mar 2008 15:43:46 +0100 (CET)
From: thijs@...ian.org (Thijs Kinkhorst)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1512-1] New evolution packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1512-1                  security@...ian.org
http://www.debian.org/security/                          Thijs Kinkhorst
March 05, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : evolution
Vulnerability  : format string attack
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-0072

Ulf Härnhammar discovered that Evolution, the e-mail and groupware suite,
had a format string vulnerability in the parsing of encrypted mail messages.
If the user opened a specially crafted email message, code execution was
possible.

For the stable distribution (etch), this problem has been fixed in version
2.6.3-6etch2.

For the old stable distribution (sarge), this problem has been fixed in
version 2.0.4-2sarge3. Some architectures have not yet completed building
the updated package for sarge at this time, they will be added as they
come available.

For the unstable distribution (sid), this problem has been fixed in
version 2.12.3-1.1.

We recommend that you upgrade your evolution package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.diff.gz
    Size/MD5 checksum:   294256 892634ed1c28416dea721a0ee1374d84
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.dsc
    Size/MD5 checksum:     1459 e4a9b6f334108cae7550c9a0953e8e2b
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz
    Size/MD5 checksum: 20968383 d555a0b1d56f0f0b9c33c35b057f73e6

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_amd64.deb
    Size/MD5 checksum:   160454 b6f68df817e14a3c52422e4f0e810bd3
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_amd64.deb
    Size/MD5 checksum: 10447584 94e37843d38106635045906d58bd9386

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_hppa.deb
    Size/MD5 checksum:   160482 947be2b50da1219d1cbcf9dab63b2280
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_hppa.deb
    Size/MD5 checksum: 10596054 be4f110f1d50077b53e013d2824cc1d4

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_i386.deb
    Size/MD5 checksum:   160482 5b6f5d955d309e47fea09e97b24d7d58
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_i386.deb
    Size/MD5 checksum: 10228974 6c38e3e691756beccd1ccfdba259d2a8

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_ia64.deb
    Size/MD5 checksum: 11419604 c99bb84c7a074900400e59de2b10dcce
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_ia64.deb
    Size/MD5 checksum:   160440 8887e35cc887febad15f9b6cf08694fe

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_powerpc.deb
    Size/MD5 checksum:   160488 6c9a8ba39a6bab1a47dd1da8e99a5205
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_powerpc.deb
    Size/MD5 checksum: 10286504 7f5d4b747a51e9c72d1114f9bcf6a209

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_s390.deb
    Size/MD5 checksum:   160438 a6e0c9b90c90b6815fd607899aeb7583
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_s390.deb
    Size/MD5 checksum: 10638988 f10525a9b20cc799c0e000c3e81738ab

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3.orig.tar.gz
    Size/MD5 checksum: 17176288 7af880364d53b18ba72b1f85f3813c81
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.dsc
    Size/MD5 checksum:     2269 25a2e18e12a838535c3fd74525696fa0
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.diff.gz
    Size/MD5 checksum:    37993 5f7815f2c6a24f3a0c940d773cca8fb1

Architecture independent packages:

  http://security.debian.org/pool/updates/main/e/evolution/evolution-common_2.6.3-6etch2_all.deb
    Size/MD5 checksum: 10107778 003176253e4c0d64c2789c08b6dd66e9

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_amd64.deb
    Size/MD5 checksum:  6503088 80524049752431123c6e6cc215fed088
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_amd64.deb
    Size/MD5 checksum:  2572362 40c3491023cc6a44c28b44b677469770
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_amd64.deb
    Size/MD5 checksum:   118116 91367407df721cef2eb5b31f13dad521
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_amd64.deb
    Size/MD5 checksum:   220264 af212fee26d899114ec8c0d636af9ea4
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_amd64.deb
    Size/MD5 checksum:    94940 4f1bb7f6f1586967d2f7fc238845fdc6

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_arm.deb
    Size/MD5 checksum:   219254 01a4c8c4bc2b7821de6659b20e92a0e5
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_arm.deb
    Size/MD5 checksum:  6190146 4b26686b063745de28647836fed2ea90
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_arm.deb
    Size/MD5 checksum:  2255242 1b74f4a729f808034495f526423c7ea1
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_arm.deb
    Size/MD5 checksum:    91264 fadd3bb75f6f420f017d1877e4e77e44
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_arm.deb
    Size/MD5 checksum:   110838 6f83e99f96620005fd227f57e68af487

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_hppa.deb
    Size/MD5 checksum:   213782 f1009fafa12fad8814aa0b5ad50bf47c
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_hppa.deb
    Size/MD5 checksum:  6436462 11af4dbe53e3f1e4780b35caeacf72fb
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_hppa.deb
    Size/MD5 checksum:  2857208 f01092a233b3b928e3ff9f12bc335bf6
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_hppa.deb
    Size/MD5 checksum:   120516 13a1fbcb74d8beec5d64dace004888a7
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_hppa.deb
    Size/MD5 checksum:    95580 6cdbe3107c91d2801e30c97436e90aa4

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_i386.deb
    Size/MD5 checksum:  2408778 318c10977b3163005ce86d25a6fbbd5d
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_i386.deb
    Size/MD5 checksum:   218838 e8507655153c209a3bfb11e65e5d9d6d
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_i386.deb
    Size/MD5 checksum:    92168 5a9902f58745a70017af6a8be0781bb3
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_i386.deb
    Size/MD5 checksum:   113690 ffb524935d65cc5b57a7eb3b24899a3e
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_i386.deb
    Size/MD5 checksum:  6143092 3556d0ebf225180e0cfa0f8e61bcbb1e

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_ia64.deb
    Size/MD5 checksum:   129792 372c5de0189470c2dd091641ccbc1800
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_ia64.deb
    Size/MD5 checksum:  3419898 d2209d01f85549fb3138132429cc0314
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_ia64.deb
    Size/MD5 checksum:    99694 e35321d55a12521b6bcd572ed48e325b
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_ia64.deb
    Size/MD5 checksum:   213738 60ccb4b7a99438004ce57b42be023f76
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_ia64.deb
    Size/MD5 checksum:  6137762 84e1478a41d2a863b2e84167818142e3

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mips.deb
    Size/MD5 checksum:   220670 8a620eb5ec5247f56eef3094d1f9d2b7
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mips.deb
    Size/MD5 checksum:  6615710 902001a21b48fd095880a4e16f521ee7
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mips.deb
    Size/MD5 checksum:    93276 320b39a0c683153dc68f9226cc29e95d
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mips.deb
    Size/MD5 checksum:  2352486 bbe1b44420951fe0e407f358d67a0a24
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mips.deb
    Size/MD5 checksum:   113280 dc1fac2d857056eb66ca850dd701b8f6

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mipsel.deb
    Size/MD5 checksum:    92556 9a037a486b3deac0132f225bcabaaee7
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mipsel.deb
    Size/MD5 checksum:   213808 ad12c34cf25c343b4bb5bc1a1ec5c270
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mipsel.deb
    Size/MD5 checksum:  2334122 a3a70c83bc51aa54fe6f14548ca63501
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mipsel.deb
    Size/MD5 checksum:   112320 c7510452c2552b185a9d4eccc0811db2
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mipsel.deb
    Size/MD5 checksum:  6484920 57d9d7045ddb263e696cb6717511e355

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_powerpc.deb
    Size/MD5 checksum:   125054 725fed9a64daced20fd78bdfbe475f5a
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_powerpc.deb
    Size/MD5 checksum:  2465966 0adffc6510e079277208350f555f1f63
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_powerpc.deb
    Size/MD5 checksum:  6513716 66c59b08db75c184018ce915b1e1232a
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_powerpc.deb
    Size/MD5 checksum:   213790 4a6ffd87ebc1c8523986e79b2beb50c1
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_powerpc.deb
    Size/MD5 checksum:    99302 3f5b40706aae46d7c0620bf02a6df66c

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_s390.deb
    Size/MD5 checksum:   213726 249fda940d16912cc17fb5d3c0ff1fcd
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_s390.deb
    Size/MD5 checksum:  6397416 9aa410ab707a207d56000a97235a98b5
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_s390.deb
    Size/MD5 checksum:  2691100 61a7c41104aded19357ad64f1b05369c
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_s390.deb
    Size/MD5 checksum:    94272 07cbb34ce382829898fbd57c0b794529
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_s390.deb
    Size/MD5 checksum:   118362 1be4d726b78ad9efab9a16b4a2ea95cf

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_sparc.deb
    Size/MD5 checksum:   111248 b23db7090cc78d9be75a38c4214c94ee
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_sparc.deb
    Size/MD5 checksum:  6018682 22883c64d15fd48d06e94ff47f6c85a9
  http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_sparc.deb
    Size/MD5 checksum:    91462 7b506ec24eb68f91642d0d33d670bfbd
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_sparc.deb
    Size/MD5 checksum:  2375358 8b97ebe934f59044c72dcce69f7f12db
  http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_sparc.deb
    Size/MD5 checksum:   213794 2e3bb50d5485dc3979cd07bcc7090cc9


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR86xJWz0hbPcukPfAQLq1wf/c6tLwJQv+HwPtHQYnYYC6rJ6ceYjMtZ7
xCGX/TpWnrkEuUCRhdztiAwD4GIZ8NS4LpIa0Dqep+30OhgOggz/DNa0rFin09C7
gD55GOVMLHtDaMauJ4+A1wL5HM2tGt9ItnLHuN3Mii9LmNYkyDILFySUOuVqLE3W
j01YKE65TJ21808gkxYwsvSGdpdTHznJRZs5aTkNBJtSUr0KJjaTzpupwzxSV5qQ
9HNU8tIZXsFJrmW2zNJYHQF4yAy9k+u/4Lh/IpMlZhL58OB7a3AjH9GkiZYURGNP
+S2U/NipW/52ezFaFBTempkbWobAeY6QB/Maf4KnitumsfBa2fyFUg==
=FNuj
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ