Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:063 (evolution)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.60467

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:063 (evolution)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to evolution
announced via advisory MDVSA-2008:063.

Ulf Harnhammar of Secunia Research discovered a format string flaw
in how Evolution displayed encrypted mail content. If a user were
to open a carefully crafted email message, arbitrary code could be
executed with the permissions of the user running Evolution.

The updated packages have been patched to correct this issue.

Affected: 2007.1, 2008.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:063

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-0072
BugTraq ID: 28102
http://www.securityfocus.com/bid/28102
Bugtraq: 20080528 rPSA-2008-0105-1 evolution (Google Search)
http://www.securityfocus.com/archive/1/492684/100/0/threaded
CERT/CC vulnerability note: VU#512491
http://www.kb.cert.org/vuls/id/512491
Debian Security Information: DSA-1512 (Google Search)
http://www.debian.org/security/2008/dsa-1512
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00190.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00195.html
http://security.gentoo.org/glsa/glsa-200803-12.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:063
http://secunia.com/secunia_research/2008-8/advisory/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10701
http://www.redhat.com/support/errata/RHSA-2008-0177.html
http://www.redhat.com/support/errata/RHSA-2008-0178.html
http://www.securitytracker.com/id?1019540
http://secunia.com/advisories/29057
http://secunia.com/advisories/29163
http://secunia.com/advisories/29210
http://secunia.com/advisories/29244
http://secunia.com/advisories/29258
http://secunia.com/advisories/29264
http://secunia.com/advisories/29317
http://secunia.com/advisories/30437
http://secunia.com/advisories/30491
SuSE Security Announcement: SUSE-SA:2008:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html
http://www.ubuntu.com/usn/usn-583-1
http://www.vupen.com/english/advisories/2008/0768/references
XForce ISS Database: evolution-emfmultipart-format-string(41011)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41011

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.60467
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:063 (evolution)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to evolution announced via advisory MDVSA-2008:063. Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution. The updated packages have been patched to correct this issue. Affected: 2007.1, 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:063 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0072 BugTraq ID: 28102 http://www.securityfocus.com/bid/28102 Bugtraq: 20080528 rPSA-2008-0105-1 evolution (Google Search) http://www.securityfocus.com/archive/1/492684/100/0/threaded CERT/CC vulnerability note: VU#512491 http://www.kb.cert.org/vuls/id/512491 Debian Security Information: DSA-1512 (Google Search) http://www.debian.org/security/2008/dsa-1512 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00190.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00195.html http://security.gentoo.org/glsa/glsa-200803-12.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:063 http://secunia.com/secunia_research/2008-8/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10701 http://www.redhat.com/support/errata/RHSA-2008-0177.html http://www.redhat.com/support/errata/RHSA-2008-0178.html http://www.securitytracker.com/id?1019540 http://secunia.com/advisories/29057 http://secunia.com/advisories/29163 http://secunia.com/advisories/29210 http://secunia.com/advisories/29244 http://secunia.com/advisories/29258 http://secunia.com/advisories/29264 http://secunia.com/advisories/29317 http://secunia.com/advisories/30437 http://secunia.com/advisories/30491 SuSE Security Announcement: SUSE-SA:2008:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html http://www.ubuntu.com/usn/usn-583-1 http://www.vupen.com/english/advisories/2008/0768/references XForce ISS Database: evolution-emfmultipart-format-string(41011) https://exchange.xforce.ibmcloud.com/vulnerabilities/41011
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com