CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
95.0%
CentOS Errata and Security Advisory CESA-2008:0516
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.
A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If mail which included a carefully crafted iCalendar attachment was
opened, arbitrary code could be executed as the user running Evolution.
(CVE-2008-1108)
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.
All users of Evolution should upgrade to these updated packages, which
contains a backported patch which resolves this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-June/077112.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077113.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077119.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077120.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077124.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077125.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077130.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077131.html
Affected packages:
evolution
evolution-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0516
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | evolution | < 2.0.2-35.0.4.c4.2 | evolution-2.0.2-35.0.4.c4.2.ia64.rpm |
CentOS | 4 | ia64 | evolution-devel | < 2.0.2-35.0.4.c4.2 | evolution-devel-2.0.2-35.0.4.c4.2.ia64.rpm |
CentOS | 3 | ia64 | evolution | < 1.4.5-22.el3 | evolution-1.4.5-22.el3.ia64.rpm |
CentOS | 3 | ia64 | evolution-devel | < 1.4.5-22.el3 | evolution-devel-1.4.5-22.el3.ia64.rpm |
CentOS | 4 | s390 | evolution | < 2.0.2-35.0.4.c4.2 | evolution-2.0.2-35.0.4.c4.2.s390.rpm |
CentOS | 4 | s390 | evolution-devel | < 2.0.2-35.0.4.c4.2 | evolution-devel-2.0.2-35.0.4.c4.2.s390.rpm |
CentOS | 4 | s390x | evolution | < 2.0.2-35.0.4.c4.2 | evolution-2.0.2-35.0.4.c4.2.s390x.rpm |
CentOS | 4 | s390x | evolution-devel | < 2.0.2-35.0.4.c4.2 | evolution-devel-2.0.2-35.0.4.c4.2.s390x.rpm |
CentOS | 3 | s390 | evolution | < 1.4.5-22.el3 | evolution-1.4.5-22.el3.s390.rpm |
CentOS | 3 | s390 | evolution-devel | < 1.4.5-22.el3 | evolution-devel-1.4.5-22.el3.s390.rpm |