Red Hat Local Security Checks : RedHat Security Advisory RHSA-2007:0158

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.58894

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2007:0158

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2007:0158.

Evolution is the GNOME collection of personal information management (PIM)
tools.

A format string bug was found in the way Evolution parsed the category field
in a memo. If a user tried to save and then view a carefully crafted memo,
arbitrary code may be executed as the user running Evolution. (CVE-2007-1002)

This flaw did not affect the versions of Evolution shipped with Red Hat
Enterprise Linux 2.1, 3, or 4.

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.

Red Hat would like to thank Ulf HÃ¤rnhammar of Secunia Research for
reporting this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0158.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-1002
BugTraq ID: 23073
http://www.securityfocus.com/bid/23073
Bugtraq: 20070321 Secunia Research: Evolution Shared Memo Categories Format StringVulnerability (Google Search)
http://www.securityfocus.com/archive/1/463406/100/0/threaded
Bugtraq: 20070405 FLEA-2007-0010-1: evolution (Google Search)
http://www.securityfocus.com/archive/1/464820/30/7170/threaded
Debian Security Information: DSA-1325 (Google Search)
http://www.debian.org/security/2007/dsa-1325
http://security.gentoo.org/glsa/glsa-200706-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:070
http://secunia.com/secunia_research/2007-44/advisory/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10100
RedHat Security Advisories: RHSA-2007:0158
https://rhn.redhat.com/errata/RHSA-2007-0158.html
http://www.securitytracker.com/id?1017808
http://secunia.com/advisories/24234
http://secunia.com/advisories/24651
http://secunia.com/advisories/24668
http://secunia.com/advisories/25102
http://secunia.com/advisories/25551
http://secunia.com/advisories/25880
SuSE Security Announcement: SUSE-SR:2007:015 (Google Search)
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.ubuntu.com/usn/usn-442-1
http://www.vupen.com/english/advisories/2007/1058
XForce ISS Database: evolution-writehtml-format-string(33106)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33106

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.58894
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0158
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0158. Evolution is the GNOME collection of personal information management (PIM) tools. A format string bug was found in the way Evolution parsed the category field in a memo. If a user tried to save and then view a carefully crafted memo, arbitrary code may be executed as the user running Evolution. (CVE-2007-1002) This flaw did not affect the versions of Evolution shipped with Red Hat Enterprise Linux 2.1, 3, or 4. All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. Red Hat would like to thank Ulf HÃ¤rnhammar of Secunia Research for reporting this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0158.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1002 BugTraq ID: 23073 http://www.securityfocus.com/bid/23073 Bugtraq: 20070321 Secunia Research: Evolution Shared Memo Categories Format StringVulnerability (Google Search) http://www.securityfocus.com/archive/1/463406/100/0/threaded Bugtraq: 20070405 FLEA-2007-0010-1: evolution (Google Search) http://www.securityfocus.com/archive/1/464820/30/7170/threaded Debian Security Information: DSA-1325 (Google Search) http://www.debian.org/security/2007/dsa-1325 http://security.gentoo.org/glsa/glsa-200706-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:070 http://secunia.com/secunia_research/2007-44/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10100 RedHat Security Advisories: RHSA-2007:0158 https://rhn.redhat.com/errata/RHSA-2007-0158.html http://www.securitytracker.com/id?1017808 http://secunia.com/advisories/24234 http://secunia.com/advisories/24651 http://secunia.com/advisories/24668 http://secunia.com/advisories/25102 http://secunia.com/advisories/25551 http://secunia.com/advisories/25880 SuSE Security Announcement: SUSE-SR:2007:015 (Google Search) http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.ubuntu.com/usn/usn-442-1 http://www.vupen.com/english/advisories/2007/1058 XForce ISS Database: evolution-writehtml-format-string(33106) https://exchange.xforce.ibmcloud.com/vulnerabilities/33106
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com