lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <m1FMQ55-000ofjC@finlandia.Infodrom.North.DE>
Date: Thu Mar 23 13:47:45 2006
From: joey at infodrom.org (Martin Schulze)
Subject: [SECURITY] [DSA 1016-1] New evolution packages
	fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1016-1                    security@...ian.org
http://www.debian.org/security/                             Martin Schulze
March 23rd, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : evolution
Vulnerability  : format string vulnerabilities
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-2549 CVE-2005-2550
BugTraq ID     : 14532
Debian Bug     : 322535

Ulf H?rnhammar discovered several format string vulnerabilities in
Evolution, a free groupware suite, that could lead to crashes of the
application or the execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed
in version 1.0.5-1woody3.

For the stable distribution (sarge) these problems have been fixed in
version 2.0.4-2sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 2.2.3-3.

We recommend that you upgrade your evolution package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3.dsc
      Size/MD5 checksum:      992 4bafc18ff115d57baa3ecd24feaea244
    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3.diff.gz
      Size/MD5 checksum:    16997 91088d27d6ae64632db5d8fd8eb38f68
    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5.orig.tar.gz
      Size/MD5 checksum: 15010672 d2ffe374b453d28f5456db5af0a7983c

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_alpha.deb
      Size/MD5 checksum: 10271404 abcc13e804daccea7e21031124bc60ce
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_alpha.deb
      Size/MD5 checksum:   947970 1112c848840fe6148d8694510674c764
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_alpha.deb
      Size/MD5 checksum:   623132 42a240c46a0c166eb57040e01b403650

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_arm.deb
      Size/MD5 checksum:  9282474 3d0f1299d60f5b54e278049870611a46
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_arm.deb
      Size/MD5 checksum:   663998 22ebfac4576408d91642d119b4220a4d
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_arm.deb
      Size/MD5 checksum:   492764 2d41ff6e38e21dad80e5bc51b7e2fc86

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_i386.deb
      Size/MD5 checksum:  8905760 cbb89adf1743d7b74c25b90a872e5181
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_i386.deb
      Size/MD5 checksum:   586138 7311e70c22a6649808bea31000f1d7ff
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_i386.deb
      Size/MD5 checksum:   470798 6b32f968b3d825d71b236801a16b0567

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_ia64.deb
      Size/MD5 checksum: 11454846 2cb22139d0cac3722c34c48df0bf9af8
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_ia64.deb
      Size/MD5 checksum:   948336 7552edb843b53caf53d3224508a0189f
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_ia64.deb
      Size/MD5 checksum:   771248 98ee08a95db9f16bef5eb7a8751859d1

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_m68k.deb
      Size/MD5 checksum:  8876524 30ac372fbf54049e1228ae4ca608c8b0
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_m68k.deb
      Size/MD5 checksum:   578502 bc44d6ff350f6af098c60ad997ad67f8
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_m68k.deb
      Size/MD5 checksum:   484064 34381b70ae3c9279c406b6f79030e79f

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_powerpc.deb
      Size/MD5 checksum:  9339960 1c1fa119eadff662c3073a6e1ee48913
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_powerpc.deb
      Size/MD5 checksum:   680714 aadb7bf1bb320edd25f1021bfdae34a1
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_powerpc.deb
      Size/MD5 checksum:   511438 2be1eca435f231a4b11eb0e1c9d7074c

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_s390.deb
      Size/MD5 checksum:  9219598 aaf3e80bf330bbecac8f1b87ee576fba
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_s390.deb
      Size/MD5 checksum:   640984 ee45e556fb092664f46d635385e8cab9
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_s390.deb
      Size/MD5 checksum:   522988 d8863a51afa2c766ad7d78cee549a23f

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_sparc.deb
      Size/MD5 checksum:  9393448 990f7a21e2c5b4e3e6ba1d8a50043c76
    http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_sparc.deb
      Size/MD5 checksum:   670460 2671f6c973f50c8568b77b85b755586d
    http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_sparc.deb
      Size/MD5 checksum:   510158 4c072ea24dc6118d6d61b1a3db749ecb


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1.dsc
      Size/MD5 checksum:     1168 a2292a9ca384524fc9d8a25ed55d2643
    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1.diff.gz
      Size/MD5 checksum:   292544 0b209003ea32f6d7e3700104635e1c66
    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz
      Size/MD5 checksum: 20968383 d555a0b1d56f0f0b9c33c35b057f73e6

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_alpha.deb
      Size/MD5 checksum: 10648352 a57e9c49b24cfd63372c3d40e6340cf1
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_alpha.deb
      Size/MD5 checksum:   160156 4c8f0ea25015505749159294fa22906a

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_amd64.deb
      Size/MD5 checksum: 10447740 8d7960769fa930794c3df1741cc898d0
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_amd64.deb
      Size/MD5 checksum:   160142 b914752e7ede45830f563cfde1724223

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_arm.deb
      Size/MD5 checksum: 10251522 f9b05a70ca7de94376f9f743afafd253
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_arm.deb
      Size/MD5 checksum:   160330 ad5edfcb8bd6e02da9a64ac5002f1a5d

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_i386.deb
      Size/MD5 checksum: 10229060 370666f99b412a2e22e27574daa63bbf
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_i386.deb
      Size/MD5 checksum:   160292 fd313d654f3fb2ee1d071a2da735a545

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_ia64.deb
      Size/MD5 checksum: 11419362 6320a2e9102d546f9b2f1ca3ca890e93
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_ia64.deb
      Size/MD5 checksum:   160126 f987c7bd28f51bdb7cb62455f4610e40

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_hppa.deb
      Size/MD5 checksum: 10595896 c8ab1a2efdeeed404fb73bfc7b7e4118
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_hppa.deb
      Size/MD5 checksum:   160234 038a336b6be6e9210741d67985714ac6

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_m68k.deb
      Size/MD5 checksum: 10387694 ccf6b43070a7945aaef6bf809f0e443c
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_m68k.deb
      Size/MD5 checksum:   160526 c4da9290cfaa62a89a99619ff1e1bfa8

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_mips.deb
      Size/MD5 checksum: 10221372 3cb0854e03997e57ad54f9317e304ee2
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_mips.deb
      Size/MD5 checksum:   160194 f652e1196bc80e8730a07c87c9b86818

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_mipsel.deb
      Size/MD5 checksum: 10195392 41333d480ec1c0c630b77029600bcd43
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_mipsel.deb
      Size/MD5 checksum:   160240 50622de422b80440f48e99418c71851d

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_powerpc.deb
      Size/MD5 checksum: 10286478 9205d9bee4652c88ed8d1f3e81f30c86
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_powerpc.deb
      Size/MD5 checksum:   160192 1b6390ecb75f2786337b6389ec0ba143

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_s390.deb
      Size/MD5 checksum: 10639180 d57b51ed97164a0e5a751ecd494081aa
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_s390.deb
      Size/MD5 checksum:   160176 c180a583c2c7f60e6d764b7cd7810caf

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_sparc.deb
      Size/MD5 checksum: 10349436 f9bff087eb94d745ef0a69bd9bbe43b0
    http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_sparc.deb
      Size/MD5 checksum:   160218 38ca6ef8c9916964aff746597cc06c75


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEIqXDW5ql+IAeqTIRAlU2AJ96FgEEvv1hW3aqniB5TYUog4n6WQCghbS8
WM1QsaywYclO/d04wYcHYbk=
=LM6x
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ