Säkerhetsbulletin från Debian

DSA-1325-1 evolution -- flera sårbarheter

Rapporterat den:
2007-06-29
Berörda paket:
evolution
Sårbara:
Ja
Referenser i säkerhetsdatabaser:
I Mitres CVE-förteckning: CVE-2007-1002, CVE-2007-3257.
Ytterligare information:

Flera utifrån nåbara sårbarheter har upptäckts i Evolution, en gruppprogramvarusvit med e-postklient och organiserare. Projektet Common Vulnerabilities and Exposures identifierar följande problem:

  • CVE-2007-1002

    Ulf Härnhammar upptäckte att en formatsträngssårbarhet i koden för hantering av delade kalendrar kunde möjliggöra exekvering av godtycklig kod.

  • CVE-2007-3257

    Man har upptäckt att IMAP-koden i Evolution Data Server inte utför tillräcklig städning av ett värde som senare används som fältindex, vilket kunde leda till exekvering av godtycklig kod.

För den gamla stabila utgåvan (Sarge) har dessa problem rättats i version 2.0.4-2sarge2. Paket för hppa, mips and powerpc är ännu inte tillgängliga. De kommer tillhandahållas senare.

För den stabila utgåvan (Etch) har dessa problem rättats i version 2.6.3-6etch1. Paket för mips är ännu inte tillgängliga. De kommer tillhandahållas senare.

För den instabila utgåvan (Sid) kommer dessa problem att rättas inom kort.

Vi rekommenderar att ni uppgraderar era evolution-paket.

Rättat i:

Debian GNU/Linux 4.0 (etch)

Källkod:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1.dsc
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1.diff.gz
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3.orig.tar.gz
Arkitekturoberoende komponent:
http://security.debian.org/pool/updates/main/e/evolution/evolution-common_2.6.3-6etch1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_alpha.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_alpha.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_alpha.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_alpha.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_amd64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_amd64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_amd64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_amd64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_arm.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_arm.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_arm.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_arm.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_arm.deb
HPPA:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_hppa.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_hppa.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_hppa.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_hppa.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_i386.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_i386.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_i386.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_i386.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_ia64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_ia64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_ia64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_ia64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_ia64.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_mipsel.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_mipsel.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_mipsel.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_mipsel.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_powerpc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_powerpc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_powerpc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_powerpc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_s390.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_s390.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_s390.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_s390.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_sparc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_sparc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_sparc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_sparc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_sparc.deb

Debian GNU/Linux 3.1 (sarge)

Källkod:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2.dsc
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2.diff.gz
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_alpha.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_amd64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_arm.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_i386.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_ia64.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_ia64.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_m68k.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_m68k.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_mipsel.deb
IBM S/390:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_s390.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_sparc.deb
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.