Gnome Evolution html_engine_get_view_width()拒绝服务漏洞

BUGTRAQ ID: 29961 Evolution是个人和工作组信息管理解决方案，可使用在Linux和Unix操作系统下，集成Email、日历、会议安排、联系人管理等功能。 Evolution的htmlenginegetviewwidth函数没有正确地解析HTML编码的邮件消息，如果远程攻击者向Evolution发送了特制的邮件消息的话，就会导致客户端崩溃。 GNOME Evolution 2.22.2 GNOME ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

evolution security update

CentOS Errata and Security Advisory CESA-2008:0514 Updated evolution packages that fix two buffer overflow vulnerabilities are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Evolution is the...

GNOME Evolution 2.22.2 - html_engine_get_view_width() Denial of Service

GNOME Evolution 2.22.2 - htmlenginegetviewwidth Denial of Service source: https://www.securityfocus.com/bid/29961/info GNOME Evolution is prone to a denial-of-service vulnerability when handling email messages that contain specially crafted HTML. Successful attacks will crash the application...

Gnome / Evolution HTML parsing memory corruption

Memory corruption on HTML parsing, including HTML messages in Evolution...

Evolution Vulnerability

Application: Evolution 2.22.2 OS: Linux - Ubuntu 8.04 ------------------------------------------------------ 1 - Description 2 - Vulnerability 3 - POC/EXPLOIT ------------------------------------------------------ Description Evolution is an email client that is built with ubuntu...

GNOME Evolution 2.22.2 - 'html_engine_get_view_width()' Denial of Service

source: https://www.securityfocus.com/bid/29961/info GNOME Evolution is prone to a denial-of-service vulnerability when handling email messages that contain specially crafted HTML. Successful attacks will crash the application. Evolution 2.22.2 is vulnerable; other versions may also be affected...

GLSA-200806-06 : Evolution: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200806-06 Evolution: User-assisted execution of arbitrary code Alin Rad Pop Secunia Research reported two vulnerabilities in Evolution: A boundary error exists when parsing overly long timezone strings contained within iCalendar...

SuSE 10 Security Update : evolution (ZYPP Patch Number 5327)

Multiple buffer overflows have been fixed in evolution. CVE-2008-1108 / CVE-2008-1109 have been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Evolution: User-assisted execution of arbitrary code

Background Evolution is the mail client of the GNOME desktop environment. Description Alin Rad Pop Secunia Research reported two vulnerabilities in Evolution: A boundary error exists when parsing overly long timezone strings contained within iCalendar attachments and when the ITip formatter is...

openSUSE 10 Security Update : evolution (evolution-5326)

Multiple buffer overflows have been fixed in evolution. CVE-2008-1108 and CVE-2008-1109 have been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update evolution-5326. The te...

Fedora 8 : evolution-2.12.3-5.fc8 (2008-5016)

Fix two buffer overflows in iCalendar .ics file fromat support discovered and reported by Alin Rad Pop of the Secunia Research: CVE-2008-1108, CVE-2008-1109, SA30298 See referenced bugzilla bugs or Secunia advisories for further details: http://secunia.com/advisories/30298...

CentOS 4 : evolution28 (CESA-2008:0515)

Updated evolution28 packages that address two buffer overflow vulnerabilities are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring,...

Fedora 9 : evolution-2.22.2-2.fc9 (2008-4990)

Fix two buffer overflows in iCalendar .ics file fromat support discovered and reported by Alin Rad Pop of the Secunia Research: CVE-2008-1108, CVE-2008-1109, SA30298 See referenced bugzilla bugs or Secunia advisories for further details: http://secunia.com/advisories/30298...

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : evolution vulnerabilities (USN-615-1)

Alin Rad Pop of Secunia Research discovered that Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the ITip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or possibly execute code wi...

CentOS 3 / 4 : evolution (CESA-2008:0516)

Updated evolution packages that address a buffer overflow vulnerability are now available for Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the integrated collection of...

USN-615-1: Evolution vulnerabilities

Alin Rad Pop of Secunia Research discovered that Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the ITip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or possibly execute code wi...

[SECURITY] Fedora 7 Update: evolution-2.10.3-10.fc7

Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool...

[SECURITY] Fedora 8 Update: evolution-2.12.3-5.fc8

Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool...

[SECURITY] Fedora 9 Update: evolution-2.22.2-2.fc9

Evolution is the GNOME mailer, calendar, contact manager and communications tool. The components which make up Evolution are tightly integrated with one another and act as a seamless personal information-management tool...

RHEL 3 / 4 : evolution (RHSA-2008:0516)

Updated evolution packages that address a buffer overflow vulnerability are now available for Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the integrated collection of...