From aliz@gentoo.org Sat Mar 22 23:05:01 2003 From: Daniel Ahlberg To: full-disclosure@lists.netsys.com Date: Fri, 21 Mar 2003 17:02:16 +0100 Subject: [Full-Disclosure] GLSA: evolution (200303-18) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-18 - - --------------------------------------------------------------------- PACKAGE : evolution SUMMARY : multiple vulnerabilities DATE : 2003-03-21 16:02 UTC EXPLOIT : remote VERSIONS AFFECTED : <1.2.3 FIXED VERSION : >=1.2.3 CVE : CAN-2003-0128 CAN-2003-0129 CAN-2003-0130 - - --------------------------------------------------------------------- - From advisory: "Three vulnerabilities were found that could lead to various forms of exploitation ranging from denying to users the ability to read email, provoke system unstability, bypassing security context checks for email content and possibly execution of arbitrary commands on vulnerable systems." Read the full advisory at: http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10 SOLUTION It is recommended that all Gentoo Linux users who are running net-mail/evolution upgrade to evolution-1.2.3 as follows: emerge sync emerge evolution emerge clean - - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+ezeDfT7nyhUpoZMRAqgFAKCMJiPWrcXzncBhgk1/lQ6F1qvdPwCff0L8 puU/UmXZptBvDuVLe66YBNg= =7I0C -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html