Säkerhetsbulletin från Debian

DSA-1512-1 evolution -- formatsträngsattack

Rapporterat den:
2008-03-05
Berörda paket:
evolution
Sårbara:
Ja
Referenser i säkerhetsdatabaser:
I Mitres CVE-förteckning: CVE-2008-0072.
Ytterligare information:

Ulf Härnhammar upptäckte att Evolution, e-post- och grupprogramsviten, innehåller en formatsträngssårbarhet i tolkningen av krypterade e-postmeddelanden. Om användaren öppnade ett specialskrivet e-postmeddelande var det möjligt att exekvera kod.

För den stabila utgåvan (Etch) har detta problem rättats i version 2.6.3-6etch2.

För den gamla stabila utgåvan (Sarge) har detta problem rättats i version 2.0.4-2sarge3. Vissa arkitekturer är ännu inte färdiga med att bygga de uppdaterade paketen för Sarge, de kommer läggas till när de blir tillgängliga.

För den instabila utgåvan (Sid) har detta problem rättats i version 2.12.3-1.1.

Vi rekommenderar att ni uppgraderar ert evolution-paket.

Rättat i:

Debian GNU/Linux 3.1 (sarge)

Källkod:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.diff.gz
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.dsc
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz
AMD64:
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_amd64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_amd64.deb
HP Precision:
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_hppa.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_i386.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_ia64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_ia64.deb
PowerPC:
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_powerpc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_s390.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_s390.deb

Debian GNU/Linux 4.0 (etch)

Källkod:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3.orig.tar.gz
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.dsc
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.diff.gz
Arkitekturoberoende komponent:
http://security.debian.org/pool/updates/main/e/evolution/evolution-common_2.6.3-6etch2_all.deb
AMD64:
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_amd64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_amd64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_amd64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_amd64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_arm.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_arm.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_arm.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_arm.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_hppa.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_hppa.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_hppa.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_hppa.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_i386.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_i386.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_i386.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_i386.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_ia64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_ia64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_ia64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_ia64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mips.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mips.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mips.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mips.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mipsel.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mipsel.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mipsel.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mipsel.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_powerpc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_powerpc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_powerpc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_powerpc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_s390.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_s390.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_s390.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_s390.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_sparc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_sparc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_sparc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_sparc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.