CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
94.6%
CentOS Errata and Security Advisory CESA-2005:267
Evolution is the GNOME collection of personal information management (PIM)
tools.
A format string bug was found in Evolution. If a user tries to save a
carefully crafted meeting or appointment, arbitrary code may be executed as
the user running Evolution. The Common Vulnerabilities and Exposures
project has assigned the name CAN-2005-2550 to this issue.
Additionally, several other format string bugs were found in Evolution. If
a user views a malicious vCard, connects to a malicious LDAP server, or
displays a task list from a malicious remote server, arbitrary code may be
executed as the user running Evolution. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2005-2549 to this issue. Please
note that this issue only affects Red Hat Enterprise Linux 4.
All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-August/074260.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074261.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074262.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074263.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074265.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074266.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074267.html
https://lists.centos.org/pipermail/centos-announce/2005-August/074268.html
https://lists.centos.org/pipermail/centos-announce/2005-August/087017.html
Affected packages:
evolution
evolution-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2005:267
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | evolution | < 2.0.2-16.3 | evolution-2.0.2-16.3.ia64.rpm |
CentOS | 4 | ia64 | evolution-devel | < 2.0.2-16.3 | evolution-devel-2.0.2-16.3.ia64.rpm |
CentOS | 3 | ia64 | evolution | < 1.4.5-16 | evolution-1.4.5-16.ia64.rpm |
CentOS | 3 | ia64 | evolution-devel | < 1.4.5-16 | evolution-devel-1.4.5-16.ia64.rpm |
CentOS | 4 | ia64 | evolution | < 2.0.2-16.3 | evolution-2.0.2-16.3.ia64.rpm |
CentOS | 4 | ia64 | evolution-devel | < 2.0.2-16.3 | evolution-devel-2.0.2-16.3.ia64.rpm |
CentOS | 4 | i386 | evolution | < 2.0.2-16.3 | evolution-2.0.2-16.3.i386.rpm |
CentOS | 4 | i386 | evolution-devel | < 2.0.2-16.3 | evolution-devel-2.0.2-16.3.i386.rpm |
CentOS | 4 | ia64 | evolution | < 2.0.2-16.3 | evolution-2.0.2-16.3.ia64.rpm |
CentOS | 4 | ia64 | evolution-devel | < 2.0.2-16.3 | evolution-devel-2.0.2-16.3.ia64.rpm |