LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Ubuntu alert USN-69-1 (evolution)



From:
    	      Martin Pitt <martin.pitt@canonical.com>


To:
    	      ubuntu-security-announce@lists.ubuntu.com


Subject:
    	      [USN-69-1] Evolution vulnerability


Date:
    	      Mon, 24 Jan 2005 15:19:48 +0100


Cc:
    	      bugtraq@securityfocus.com, full-disclosure@lists.netsys.com


===========================================================
Ubuntu Security Notice USN-69-1		   January 24, 2005
evolution vulnerability
CAN-2005-0102
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

evolution

The problem can be corrected by upgrading the affected package to
version 2.0.2-0ubuntu2.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Max Vozeler discovered an integer overflow in camel-lock-helper. An
user-supplied length value was not validated, so that a value of -1
caused a buffer allocation of 0 bytes; this buffer was then filled by
an arbitrary amount of user-supplied data.

A local attacker or a malicious POP3 server could exploit this to
execute arbitrary code with root privileges (because camel-lock-helper
is installed as setuid root).

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/e/evolution/e...
      Size/MD5:    50511 bbbfa6cdc735c71fb574a3a12f836a1a

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/e...
      Size/MD5:     1186 1f83476cf5dcbd02bf7b984d3dcf480d

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/e...
      Size/MD5: 20925198 7b3c1b6b7f67c548d7e45bf2ed7abd0f

  Architecture independent packages:


http://security.ubuntu.com/ubuntu/pool/main/e/evolution/e...
      Size/MD5:    16622 2cf68cec4ccb92d5ffd7982602efc08c

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/e...
      Size/MD5:    39674 850a2060b158ea4e34197f8ec7f6d356

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)


http://security.ubuntu.com/ubuntu/pool/main/e/evolution/e...
      Size/MD5:   134284 194ff4092d8e0379dcd21b86af35ae75

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/e...
      Size/MD5: 10437562 a312639431700cce925f7a1875dfc022

  i386 architecture (x86 compatible Intel/AMD)


http://security.ubuntu.com/ubuntu/pool/main/e/evolution/e...
      Size/MD5:   134272 1c57a9b6c78e6808b831a65772aefdb9

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/e...
      Size/MD5: 10201710 306466a195cebf0ef513b62836c3dd66

  powerpc architecture (Apple Macintosh G3/G4/G5)


http://security.ubuntu.com/ubuntu/pool/main/e/evolution/e...
      Size/MD5:   134288 4d1607ab2f239fca5516fc8f2fee1fca

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/e...
      Size/MD5: 10255176 6f832b0fbe274cfc4d9c183df3f98075

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds