[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20080305144346.7E8DC326C4B@morgana.loeki.tv>
Date: Wed, 5 Mar 2008 15:43:46 +0100 (CET)
From: thijs@...ian.org (Thijs Kinkhorst)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1512-1] New evolution packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1512-1 security@...ian.org
http://www.debian.org/security/ Thijs Kinkhorst
March 05, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : evolution
Vulnerability : format string attack
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-0072
Ulf Härnhammar discovered that Evolution, the e-mail and groupware suite,
had a format string vulnerability in the parsing of encrypted mail messages.
If the user opened a specially crafted email message, code execution was
possible.
For the stable distribution (etch), this problem has been fixed in version
2.6.3-6etch2.
For the old stable distribution (sarge), this problem has been fixed in
version 2.0.4-2sarge3. Some architectures have not yet completed building
the updated package for sarge at this time, they will be added as they
come available.
For the unstable distribution (sid), this problem has been fixed in
version 2.12.3-1.1.
We recommend that you upgrade your evolution package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.diff.gz
Size/MD5 checksum: 294256 892634ed1c28416dea721a0ee1374d84
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.dsc
Size/MD5 checksum: 1459 e4a9b6f334108cae7550c9a0953e8e2b
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz
Size/MD5 checksum: 20968383 d555a0b1d56f0f0b9c33c35b057f73e6
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_amd64.deb
Size/MD5 checksum: 160454 b6f68df817e14a3c52422e4f0e810bd3
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_amd64.deb
Size/MD5 checksum: 10447584 94e37843d38106635045906d58bd9386
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_hppa.deb
Size/MD5 checksum: 160482 947be2b50da1219d1cbcf9dab63b2280
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_hppa.deb
Size/MD5 checksum: 10596054 be4f110f1d50077b53e013d2824cc1d4
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_i386.deb
Size/MD5 checksum: 160482 5b6f5d955d309e47fea09e97b24d7d58
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_i386.deb
Size/MD5 checksum: 10228974 6c38e3e691756beccd1ccfdba259d2a8
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_ia64.deb
Size/MD5 checksum: 11419604 c99bb84c7a074900400e59de2b10dcce
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_ia64.deb
Size/MD5 checksum: 160440 8887e35cc887febad15f9b6cf08694fe
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_powerpc.deb
Size/MD5 checksum: 160488 6c9a8ba39a6bab1a47dd1da8e99a5205
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_powerpc.deb
Size/MD5 checksum: 10286504 7f5d4b747a51e9c72d1114f9bcf6a209
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_s390.deb
Size/MD5 checksum: 160438 a6e0c9b90c90b6815fd607899aeb7583
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_s390.deb
Size/MD5 checksum: 10638988 f10525a9b20cc799c0e000c3e81738ab
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3.orig.tar.gz
Size/MD5 checksum: 17176288 7af880364d53b18ba72b1f85f3813c81
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.dsc
Size/MD5 checksum: 2269 25a2e18e12a838535c3fd74525696fa0
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.diff.gz
Size/MD5 checksum: 37993 5f7815f2c6a24f3a0c940d773cca8fb1
Architecture independent packages:
http://security.debian.org/pool/updates/main/e/evolution/evolution-common_2.6.3-6etch2_all.deb
Size/MD5 checksum: 10107778 003176253e4c0d64c2789c08b6dd66e9
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_amd64.deb
Size/MD5 checksum: 6503088 80524049752431123c6e6cc215fed088
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_amd64.deb
Size/MD5 checksum: 2572362 40c3491023cc6a44c28b44b677469770
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_amd64.deb
Size/MD5 checksum: 118116 91367407df721cef2eb5b31f13dad521
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_amd64.deb
Size/MD5 checksum: 220264 af212fee26d899114ec8c0d636af9ea4
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_amd64.deb
Size/MD5 checksum: 94940 4f1bb7f6f1586967d2f7fc238845fdc6
arm architecture (ARM)
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_arm.deb
Size/MD5 checksum: 219254 01a4c8c4bc2b7821de6659b20e92a0e5
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_arm.deb
Size/MD5 checksum: 6190146 4b26686b063745de28647836fed2ea90
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_arm.deb
Size/MD5 checksum: 2255242 1b74f4a729f808034495f526423c7ea1
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_arm.deb
Size/MD5 checksum: 91264 fadd3bb75f6f420f017d1877e4e77e44
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_arm.deb
Size/MD5 checksum: 110838 6f83e99f96620005fd227f57e68af487
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_hppa.deb
Size/MD5 checksum: 213782 f1009fafa12fad8814aa0b5ad50bf47c
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_hppa.deb
Size/MD5 checksum: 6436462 11af4dbe53e3f1e4780b35caeacf72fb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_hppa.deb
Size/MD5 checksum: 2857208 f01092a233b3b928e3ff9f12bc335bf6
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_hppa.deb
Size/MD5 checksum: 120516 13a1fbcb74d8beec5d64dace004888a7
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_hppa.deb
Size/MD5 checksum: 95580 6cdbe3107c91d2801e30c97436e90aa4
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_i386.deb
Size/MD5 checksum: 2408778 318c10977b3163005ce86d25a6fbbd5d
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_i386.deb
Size/MD5 checksum: 218838 e8507655153c209a3bfb11e65e5d9d6d
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_i386.deb
Size/MD5 checksum: 92168 5a9902f58745a70017af6a8be0781bb3
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_i386.deb
Size/MD5 checksum: 113690 ffb524935d65cc5b57a7eb3b24899a3e
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_i386.deb
Size/MD5 checksum: 6143092 3556d0ebf225180e0cfa0f8e61bcbb1e
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_ia64.deb
Size/MD5 checksum: 129792 372c5de0189470c2dd091641ccbc1800
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_ia64.deb
Size/MD5 checksum: 3419898 d2209d01f85549fb3138132429cc0314
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_ia64.deb
Size/MD5 checksum: 99694 e35321d55a12521b6bcd572ed48e325b
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_ia64.deb
Size/MD5 checksum: 213738 60ccb4b7a99438004ce57b42be023f76
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_ia64.deb
Size/MD5 checksum: 6137762 84e1478a41d2a863b2e84167818142e3
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mips.deb
Size/MD5 checksum: 220670 8a620eb5ec5247f56eef3094d1f9d2b7
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mips.deb
Size/MD5 checksum: 6615710 902001a21b48fd095880a4e16f521ee7
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mips.deb
Size/MD5 checksum: 93276 320b39a0c683153dc68f9226cc29e95d
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mips.deb
Size/MD5 checksum: 2352486 bbe1b44420951fe0e407f358d67a0a24
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mips.deb
Size/MD5 checksum: 113280 dc1fac2d857056eb66ca850dd701b8f6
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mipsel.deb
Size/MD5 checksum: 92556 9a037a486b3deac0132f225bcabaaee7
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mipsel.deb
Size/MD5 checksum: 213808 ad12c34cf25c343b4bb5bc1a1ec5c270
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mipsel.deb
Size/MD5 checksum: 2334122 a3a70c83bc51aa54fe6f14548ca63501
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mipsel.deb
Size/MD5 checksum: 112320 c7510452c2552b185a9d4eccc0811db2
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mipsel.deb
Size/MD5 checksum: 6484920 57d9d7045ddb263e696cb6717511e355
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_powerpc.deb
Size/MD5 checksum: 125054 725fed9a64daced20fd78bdfbe475f5a
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_powerpc.deb
Size/MD5 checksum: 2465966 0adffc6510e079277208350f555f1f63
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_powerpc.deb
Size/MD5 checksum: 6513716 66c59b08db75c184018ce915b1e1232a
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_powerpc.deb
Size/MD5 checksum: 213790 4a6ffd87ebc1c8523986e79b2beb50c1
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_powerpc.deb
Size/MD5 checksum: 99302 3f5b40706aae46d7c0620bf02a6df66c
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_s390.deb
Size/MD5 checksum: 213726 249fda940d16912cc17fb5d3c0ff1fcd
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_s390.deb
Size/MD5 checksum: 6397416 9aa410ab707a207d56000a97235a98b5
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_s390.deb
Size/MD5 checksum: 2691100 61a7c41104aded19357ad64f1b05369c
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_s390.deb
Size/MD5 checksum: 94272 07cbb34ce382829898fbd57c0b794529
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_s390.deb
Size/MD5 checksum: 118362 1be4d726b78ad9efab9a16b4a2ea95cf
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_sparc.deb
Size/MD5 checksum: 111248 b23db7090cc78d9be75a38c4214c94ee
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_sparc.deb
Size/MD5 checksum: 6018682 22883c64d15fd48d06e94ff47f6c85a9
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_sparc.deb
Size/MD5 checksum: 91462 7b506ec24eb68f91642d0d33d670bfbd
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_sparc.deb
Size/MD5 checksum: 2375358 8b97ebe934f59044c72dcce69f7f12db
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_sparc.deb
Size/MD5 checksum: 213794 2e3bb50d5485dc3979cd07bcc7090cc9
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBR86xJWz0hbPcukPfAQLq1wf/c6tLwJQv+HwPtHQYnYYC6rJ6ceYjMtZ7
xCGX/TpWnrkEuUCRhdztiAwD4GIZ8NS4LpIa0Dqep+30OhgOggz/DNa0rFin09C7
gD55GOVMLHtDaMauJ4+A1wL5HM2tGt9ItnLHuN3Mii9LmNYkyDILFySUOuVqLE3W
j01YKE65TJ21808gkxYwsvSGdpdTHznJRZs5aTkNBJtSUr0KJjaTzpupwzxSV5qQ
9HNU8tIZXsFJrmW2zNJYHQF4yAy9k+u/4Lh/IpMlZhL58OB7a3AjH9GkiZYURGNP
+S2U/NipW/52ezFaFBTempkbWobAeY6QB/Maf4KnitumsfBa2fyFUg==
=FNuj
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists