LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

evolution: arbitrary code execution

Package(s):evolution CVE #(s):CVE-2008-1109
Created:June 4, 2008 Updated:June 26, 2008
Description:

From the Red Hat advisory:

A heap-based buffer overflow flaw was found in the way Evolution parsed iCalendar attachments with an overly long "DESCRIPTION" property string. If a user responded to a carefully crafted iCalendar attachment in a particular way, arbitrary code could be executed as the user running Evolution. (CVE-2008-1109).

Alerts:
CentOS CESA-2008:0514 2008-06-26
Gentoo 200806-06 2008-06-16
SuSE SUSE-SA:2008:028 2008-06-13
Mandriva MDVSA-2008:111 2008-06-10
Ubuntu USN-615-1 2008-06-06
Fedora FEDORA-2008-5018 2008-06-06
Fedora FEDORA-2008-5016 2008-06-06
Fedora FEDORA-2008-4990 2008-06-06
CentOS CESA-2008:0515 2008-06-04
Red Hat RHSA-2008:0515-01 2008-06-04
Red Hat RHSA-2008:0514-01 2008-06-04
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds