Test ID:	1.3.6.1.4.1.25623.1.0.61064
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2008:0514
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2008:0514. Evolution is the integrated collection of e-mail, calendaring, contact management, communications and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108) Note: the Itip Formatter plug-in, which allows calendar information (attachments with a MIME type of text/calendar) to be displayed as part of the e-mail message, is enabled by default. A heap-based buffer overflow flaw was found in the way Evolution parsed iCalendar attachments with an overly long DESCRIPTION property string. If a user responded to a carefully crafted iCalendar attachment in a particular way, arbitrary code could be executed as the user running Evolution. (CVE-2008-1109). The particular response required to trigger this vulnerability was as follows: 1. Receive the carefully crafted iCalendar attachment. 2. Accept the associated meeting. 3. Open the calender the meeting was in. 4. Reply to the sender. Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing these issues. All Evolution users should upgrade to these updated packages, which contain backported patches which resolves these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0514.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1108 BugTraq ID: 29527 http://www.securityfocus.com/bid/29527 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html http://security.gentoo.org/glsa/glsa-200806-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:111 http://secunia.com/secunia_research/2008-22/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10471 http://www.redhat.com/support/errata/RHSA-2008-0514.html http://www.redhat.com/support/errata/RHSA-2008-0515.html http://www.redhat.com/support/errata/RHSA-2008-0516.html http://www.redhat.com/support/errata/RHSA-2008-0517.html http://www.securitytracker.com/id?1020169 http://secunia.com/advisories/30298 http://secunia.com/advisories/30527 http://secunia.com/advisories/30536 http://secunia.com/advisories/30564 http://secunia.com/advisories/30571 http://secunia.com/advisories/30702 http://secunia.com/advisories/30716 SuSE Security Announcement: SUSE-SA:2008:028 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html http://www.ubuntu.com/usn/usn-615-1 http://www.vupen.com/english/advisories/2008/1732/references XForce ISS Database: evolution-icalendar-bo(42824) https://exchange.xforce.ibmcloud.com/vulnerabilities/42824 Common Vulnerability Exposure (CVE) ID: CVE-2008-1109 http://secunia.com/secunia_research/2008-23/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337 http://www.securitytracker.com/id?1020170 XForce ISS Database: evolution-icalendar-description-bo(42826) https://exchange.xforce.ibmcloud.com/vulnerabilities/42826
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.