SuSE Update For Evolution SUSE-SA:2008:014 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

Evolution is a personal information manager (PIM) and workgroup information management software. The function emf_multipart_encrypted() that is used to process encrypted messages is vulnerable to format-string bugs. This bug can be abused by a remote attacker to execute arbitrary code by sending a crafted encrypted eMail.

Affected

evolution on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, Novell Linux Desktop 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1

References

http://www.novell.com/linux/security/advisories/2008_14_evolution.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-0072
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

SLES10: Security update for ethereal
SLES10: Security update for CUPS
SLES10: Security update for compat-openssl097g
SLES10: Security update for evolution-data-server
SLES10: Security update for NetworkManager

SuSE Update for evolution SUSE-SA:2008:014

Take action and discover your vulnerabilities