(RHSA-2005:267) Evolution security update

2005-08-29T04:00:00
ID RHSA-2005:267
Type redhat
Reporter RedHat
Modified 2017-09-08T12:11:05

Description

Evolution is the GNOME collection of personal information management (PIM) tools.

A format string bug was found in Evolution. If a user tries to save a carefully crafted meeting or appointment, arbitrary code may be executed as the user running Evolution. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2550 to this issue.

Additionally, several other format string bugs were found in Evolution. If a user views a malicious vCard, connects to a malicious LDAP server, or displays a task list from a malicious remote server, arbitrary code may be executed as the user running Evolution. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2549 to this issue. Please note that this issue only affects Red Hat Enterprise Linux 4.

All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue.