Säkerhetsbulletin från Debian
DSA-1325-1 evolution -- flera sårbarheter
- Rapporterat den:
- 2007-06-29
- Berörda paket:
- evolution
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Mitres CVE-förteckning: CVE-2007-1002, CVE-2007-3257.
- Ytterligare information:
-
Flera utifrån nåbara sårbarheter har upptäckts i Evolution, en gruppprogramvarusvit med e-postklient och organiserare. Projektet Common Vulnerabilities and Exposures identifierar följande problem:
- CVE-2007-1002
Ulf Härnhammar upptäckte att en formatsträngssårbarhet i koden för hantering av delade kalendrar kunde möjliggöra exekvering av godtycklig kod.
- CVE-2007-3257
Man har upptäckt att IMAP-koden i Evolution Data Server inte utför tillräcklig städning av ett värde som senare används som fältindex, vilket kunde leda till exekvering av godtycklig kod.
För den gamla stabila utgåvan (Sarge) har dessa problem rättats i version 2.0.4-2sarge2. Paket för hppa, mips and powerpc är ännu inte tillgängliga. De kommer tillhandahållas senare.
För den stabila utgåvan (Etch) har dessa problem rättats i version 2.6.3-6etch1. Paket för mips är ännu inte tillgängliga. De kommer tillhandahållas senare.
För den instabila utgåvan (Sid) kommer dessa problem att rättas inom kort.
Vi rekommenderar att ni uppgraderar era evolution-paket.
- CVE-2007-1002
- Rättat i:
-
Debian GNU/Linux 4.0 (etch)
- Källkod:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1.dsc
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1.diff.gz
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1.diff.gz
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/e/evolution/evolution-common_2.6.3-6etch1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_arm.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_ia64.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_sparc.deb
Debian GNU/Linux 3.1 (sarge)
- Källkod:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2.dsc
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2.diff.gz
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_arm.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_arm.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_i386.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_i386.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_ia64.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_m68k.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_mipsel.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_s390.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_s390.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.