GNOME Evolution GData SEQUENCE Values Permit Remote Code Execution
|
|
SecurityTracker Alert ID: 1018284
|
|
SecurityTracker URL: http://securitytracker.com/id?1018284
|
|
CVE Reference: CVE-2007-3257
(Links to External Site)
|
Date: Jun 25 2007
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 2.11.4
|
Description: A vulnerability was reported in GNOME Evolution. A remote user can execute arbitrary code on the target system in certain cases.
A remote IMAP server can send a specially crafted negative SEQUENCE value in GData to execute arbitrary code on the connected target
client. The code will run with the privileges of the target client.
The flaw resides in 'camel-imap-folder.c' in the Evolution
Data Server component.
|
Impact: A remote server can execute arbitrary code on the connected target system.
|
Solution: The vendor has issued a fixed version (2.11.4).
|
Vendor URL: www.gnome.org/projects/evolution/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Any), UNIX (Any)
|
Reported By: Srinivasa Ragavan <sragavan@novell.com>
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 19 Jun 2007 11:01:09 +0530
From: Srinivasa Ragavan <sragavan@novell.com>
Subject: [Evolution-hackers] Evolution 2.11.4 , Evolution-Data-Server 1.11.4 , GtkHTML 3.15.4 and Evolution-Exchange 2.11.4 released
|
Hi All,
The Evolution Team is pleased to announce the release of Evolution
2.11.4
You can download the following :
http://ftp.acc.umu.se/pub/gnome/sources/gtkhtml/3.15/gtkhtml-3.15.4.tar.bz2
http://ftp.acc.umu.se/pub/gnome/sources/evolution-data-server/1.11/evolution-data-server-1.11.4.tar.b
z2
http://ftp.acc.umu.se/pub/gnome/sources/evolution/2.11/evolution-2.11.4.tar.bz2
http://ftp.acc.umu.se/pub/gnome/sources/evolution-exchange/2.11/evolution-exchange-2.11.4.tar.bz2
Upgrade Notes :
Evolution 2.11.x is the unstable series of 2.12 development.
What is New ?
=============
Evolution:
==========
New in 2.11.4:
Add initial support for the Magic Space Bar (Mutt) to read unread emails in
all folders. (Srinivasa Ragavan)
Portugese help files (Duarte Loreto)
Bug fixes:
#257118: Clear button is now getting disabled after clearing the search (Milan Crha)
#263207: Advanced Search "Remove" button is now inactive (Milan Crha)
#325882: Fix some of the window /dialog positions (Milan Crha)
#330175: Added helper function which test selection for non-space characters. (Milan Crha)
#344728: Add configuration option for Sun Kerberos v5 (Irene Huang)
#386503: Fix a minor typo in Makefile.am (Gilles Dartiguelongue)
#428328: Move away from popt to GOptions (Ghislain MARY)
#437584, 437935: More compilation warnings cleanup (Gilles Dartiguelongue)
#439186: fix some bad mnemonics, mark string for translation. (Andre Klapper)
#440075: Enable customized alarms to work correctly (Matthew Barnes)
#442631: Added support for multimedia keys (Bastien Nocera)
#443659: Fix size and alignment mis-match in the evolution preferences window (Vinod)
#444107: Allow adding of image attachments to HTML composer (Srinivasa Ragavan)
#444248: Fix a crash in solaris (Wang Xin)
#444289: Allow the "test" component to build (Tobias Mueller)
#444548: Included files for translating strings for "Advanced search options" (Andr
e Klapper)
#444747: Fix a build break (Daniel Gryniewicz)
#445793: Addressbook conduit now loads correctly (Gilles Dartiguelongue)
#445812: Included missing icons in popups (Gilles Dartiguelongue)
#446015: Improved "Define views" dialog (Gilles Dartiguelongue)
#446870: Set the correct size of the duplicate contact warning window (Srinivasa Ragavan)
#447727: Improve display of label text (Matthew Barnes)
#447742: Plug a memory leak (Matthew Barnes)
#448201: Add translation domain (Gabor Kelemen)
#448223: Remove duplicated function string_without_underscores (Gilles Dartiguelongue)
Updated Translations:
Priit Laes (et)
Jorge Gonzalez (es)
Daniel Nylander (sv)
Pema Geyleg (dz)
Kjartan Maraas (nb)
Evolution-data-server:
=====================
Bug fixes:
#312854: Fix a hang while renaming folders twice for exchange (Matthew Barnes)
#331099: Fix calculation of array index to avoid negative values (Matthew Barnes)
#344728: Add headers for Sun Kerberos v5 (Irene Huang)
#352284: Do not fetch the message from server - instead use the header
information to calculate the expiry period. (Veerapuram Varadhan)
#437751: Fix time display in Windows (Andreas K�r)
#443705: Fixed build break due to incorrect macro (Lo�Minier)
#443958: Add support for help string. (Sebastien Tandel)
#447414: Security Fix - negative index of an array (Philip Van Hoof)
#447753, #447749: Fix a memory leak (Matthew Barnes)
#448589: Add support for automake 1.6 (Tobias Mueller)
Other Contributors:
Check entire IMAP4 summary to remove non-existent messages (Jeffrey
Stedfast)
Fetches "Sent Items" in all folders. Also, fixed some bugs in moving
mails across folders. (Sankar P)
Addressbook fixes (Ross Burton)
Updated Translations:
Priit Laes (et)
Pema Geyleg (dz)
Jorge Gonzalez (es)
Evolution-Exchange:
===================
Bug Fixes:
#444101: Fix new compiler warnings since 2.11.2 (Matthew Barnes)
#385354: Fix build break on Solaris (Wang Xin)
Updated Translations:
Pema Geyleg (dz)
GtkHTML
=======
New in 3.15.4:
Added support for magic spacebar to browse till end of the document
and return status if end is reached. (Srinivasa Ragavan)
Bug fixes:
#443219: Crash when definding frames with out inner frames (Milan Crha)
#444104: Removed space after trailing slash, fixes build problem
with automake 1.6. (Nickolay V. Shmyrev)
Updated Translations:
Pema Geyleg (dz)
Jakub Friedl (cs)
Reporting Bugs
If you have problems with 2.11.4, please take the time to submit the bug
using Bug Buddy or at http://bugzilla.gnome.org. Try to fill in as much
detail as you can regarding the circumstances that lead to the problem.
If you have a feature request, you can also file that at
http://bugzilla.gnome.org/ don't be discouraged if you don't hear from
us right away, we get hundreds of feature requests a year.
You can also check if your bug has been reported before by using the
search functionality of Bugzilla.
More information is available at the project website
http://www.gnome.org/projects/evolution and the project wiki :
http://go-evolution.org/
Thanks,
Srini
|
|
