Impact
remote code execution
Solution
Please Install the Updated Packages.
Insight
Multiple buffer overflows have been fixed in Evolution.
CVE-2008-1108: A buffer overflow in Evolution, when the ITip Formatter plugin is disabled, allows remote attackers potentially to execute arbitrary code via a long timezone string in an iCalendar attachment.
CVE-2008-1109: A heap-based buffer overflow in Evolution allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
Affected
evolution on openSUSE 10.2, openSUSE 10.3, Novell Linux Desktop 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SLE SDK 10 SP2, SUSE Linux Enterprise Desktop 10 SP2, SUSE Linux Enterprise 10 SP2 DEBUGINFO
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-1108, CVE-2008-1109 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities