Lucene search

K
centosCentOS ProjectCESA-2008:0177
HistoryMar 05, 2008 - 7:23 p.m.

evolution, evolution28 security update

2008-03-0519:23:46
CentOS Project
lists.centos.org
44

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.435 Medium

EPSS

Percentile

97.4%

CentOS Errata and Security Advisory CESA-2008:0177

Evolution is the GNOME collection of personal information management (PIM)
tools.

A format string flaw was found in the way Evolution displayed encrypted
mail content. If a user opened a carefully crafted mail message, arbitrary
code could be executed as the user running Evolution. (CVE-2008-0072)

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.

Red Hat would like to thank Ulf Härnhammar of Secunia Research for finding
and reporting this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-March/076904.html
https://lists.centos.org/pipermail/centos-announce/2008-March/076905.html
https://lists.centos.org/pipermail/centos-announce/2008-March/076910.html
https://lists.centos.org/pipermail/centos-announce/2008-March/076911.html
https://lists.centos.org/pipermail/centos-announce/2008-March/076912.html
https://lists.centos.org/pipermail/centos-announce/2008-March/076913.html

Affected packages:
evolution
evolution-devel
evolution28
evolution28-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0177

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.435 Medium

EPSS

Percentile

97.4%