Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:648

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51421

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2003:648

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2003:648.

Evolution is a Gnome-based personal information manager (PIM). It
includes email, address book, calendar and other integrated
features.

Core Security Technologies found[1] several vulnerabilities in
Evolution <= 1.2.2 and in the gtkhtml library (which is used by
Evolution and other gnome programs to render basic HTML).

These vulnerabilities can be exploited by remote attackers (using
specially crafted e-mails) to crash evolution, cause general system
instability through resource starvation or to bypass some security
restrictions.

The Common Vulnerabilities and Exposures (CVE) project has assigned
the names CVE-2003-0128, CVE-2003-0129 and CVE-2003-0130 to the
issues[2,3,4] discovered.

In Conectiva Linux 7.0 and 8, Evolution is being upgraded to the
1.0.3 version with patches to fix the vulnerabilities. Note that in
order to upgrade Evolution in Conectiva Linux 7.0, several packages
had to be added (Gnome components necessary to run the 1.0.3 version
of Evolution that were not distributed with Conectiva Linux 7.0).
These packages are included in this update.

The Evolution package distributed with Conectiva Linux 9
(evolution-1.2.2-28320cl) already has the fixes for its
vulnerabilities [2,3]. For this version of Conectiva Linux, only the
fix for the gtkhml vulnerability[4] is included.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0130
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:648
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0128
BugTraq ID: 7117
http://www.securityfocus.com/bid/7117
Bugtraq: 20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent (Google Search)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html
Bugtraq: 20030321 GLSA: evolution (200303-18) (Google Search)
http://marc.info/?l=bugtraq&m=104826470527308&w=2
Conectiva Linux advisory: CLA-2003:648
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648
http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2003:045
http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A107
http://www.redhat.com/support/errata/RHSA-2003-108.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0129
BugTraq ID: 7118
http://www.securityfocus.com/bid/7118
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A108
Common Vulnerability Exposure (CVE) ID: CVE-2003-0130
BugTraq ID: 7119
http://www.securityfocus.com/bid/7119
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A111

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51421
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:648
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:648. Evolution is a Gnome-based personal information manager (PIM). It includes email, address book, calendar and other integrated features. Core Security Technologies found[1] several vulnerabilities in Evolution <= 1.2.2 and in the gtkhtml library (which is used by Evolution and other gnome programs to render basic HTML). These vulnerabilities can be exploited by remote attackers (using specially crafted e-mails) to crash evolution, cause general system instability through resource starvation or to bypass some security restrictions. The Common Vulnerabilities and Exposures (CVE) project has assigned the names CVE-2003-0128, CVE-2003-0129 and CVE-2003-0130 to the issues[2,3,4] discovered. In Conectiva Linux 7.0 and 8, Evolution is being upgraded to the 1.0.3 version with patches to fix the vulnerabilities. Note that in order to upgrade Evolution in Conectiva Linux 7.0, several packages had to be added (Gnome components necessary to run the 1.0.3 version of Evolution that were not distributed with Conectiva Linux 7.0). These packages are included in this update. The Evolution package distributed with Conectiva Linux 9 (evolution-1.2.2-28320cl) already has the fixes for its vulnerabilities [2,3]. For this version of Conectiva Linux, only the fix for the gtkhml vulnerability[4] is included. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0130 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:648 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0128 BugTraq ID: 7117 http://www.securityfocus.com/bid/7117 Bugtraq: 20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent (Google Search) http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html Bugtraq: 20030321 GLSA: evolution (200303-18) (Google Search) http://marc.info/?l=bugtraq&m=104826470527308&w=2 Conectiva Linux advisory: CLA-2003:648 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648 http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2003:045 http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A107 http://www.redhat.com/support/errata/RHSA-2003-108.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0129 BugTraq ID: 7118 http://www.securityfocus.com/bid/7118 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A108 Common Vulnerability Exposure (CVE) ID: CVE-2003-0130 BugTraq ID: 7119 http://www.securityfocus.com/bid/7119 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A111
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com