[TriLUG] Multiple vulnerabilities identified in Evolution MUA

Mike Broome mbroome at employees.org
Fri Mar 21 09:33:46 EST 2003


Red Hat has updates to the Evolution rpms to address these
vulnerabilities.  See the following post to the redhat-watch-list:

  https://listman.redhat.com/pipermail/redhat-watch-list/2003-March/000650.html

Before anybody shoots the messenger (me) ...  other distros probably
either already have updates or soon will.  Check your favorite distro
news site or repository if you're interested.

Mike

On Thu, Mar 20, 2003 at 10:57:59AM -0500, Mike Broome wrote:
> Three vulnerabilities in Evolution have been found:
> 
> * transparent decoding of uuencoded attachments; by including a
>   specially crafted UUE header as part of an otherwise perfectly normal
>   email an attacker has the ability to crash Evolution as soon as the
>   mail is parsed
> 
> * resource starvation (exhausting memory) when processing uuencoded
>   mail content multiple times
> 
> * with a specially crafted MIME Content-ID header as part of an image/*
>   MIME part, it is possible to include arbitrary data, including HTML
>   tags, into the stream that is passed to GTKHtml for rendering
> 
> Here's the link to the full advisory
> 
>   http://www.securityfocus.com/advisories/5134
> 
> 
> Mike

-- 
Mike Broome
mbroome(at)employees.org



More information about the TriLUG mailing list