From owner-freebsd-security Fri Mar 21 11:29:32 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 32F2637B404 for ; Fri, 21 Mar 2003 11:29:29 -0800 (PST) Received: from smtp.comcast.net (smtp-out.comcast.net [24.153.64.109]) by mx1.FreeBSD.org (Postfix) with ESMTP id 87E6B43FE3 for ; Fri, 21 Mar 2003 11:29:26 -0800 (PST) (envelope-from apeiron@comcast.net) Received: from [192.168.1.100] (pcp01380957pcs.levtwn01.pa.comcast.net [68.81.162.166]) by mtaout11.icomcast.net (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003)) with ESMTP id <0HC40005O651GU@mtaout11.icomcast.net> for security@freebsd.org; Fri, 21 Mar 2003 14:29:26 -0500 (EST) Date: Fri, 21 Mar 2003 14:29:44 -0500 From: Christopher Nehren Subject: [Fwd: GLSA: evolution (200303-18)] To: security@freebsd.org Message-id: <1048274983.13593.29.camel@prophecy.dyndns.org> Organization: MIME-version: 1.0 X-Mailer: Ximian Evolution 1.2.2 Content-type: multipart/signed; boundary="=-qfIE1ZQzjr+cfQQCf13v"; protocol="application/pgp-signature"; micalg=pgp-sha1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=-qfIE1ZQzjr+cfQQCf13v Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Not released by the FreeBSD team, but AFAIK the version in ports is also vulnerable.=20 -----Forwarded Message----- > From: Daniel Ahlberg > To: bugtraq@securityfocus.com > Subject: GLSA: evolution (200303-18) > Date: 21 Mar 2003 17:02:15 +0100 >=20 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 >=20 > - - --------------------------------------------------------------------- > GENTOO LINUX SECURITY ANNOUNCEMENT 200303-18 > - - --------------------------------------------------------------------- >=20 > PACKAGE : evolution > SUMMARY : multiple vulnerabilities > DATE : 2003-03-21 16:02 UTC > EXPLOIT : remote > VERSIONS AFFECTED : <1.2.3 > FIXED VERSION : >=3D1.2.3 > CVE : CAN-2003-0128 CAN-2003-0129 CAN-2003-0130 >=20 > - - --------------------------------------------------------------------- >=20 > - From advisory: >=20 > "Three vulnerabilities were found that could lead to various forms of=20 > exploitation ranging from denying to users the ability to read email,=20 > provoke system unstability, bypassing security context checks for=20 > email content and possibly execution of arbitrary commands on=20 > vulnerable systems." >=20 > Read the full advisory at: > http://www.coresecurity.com/common/showdoc.php?idx=3D309&idxseccion=3D10 >=20 > SOLUTION >=20 > It is recommended that all Gentoo Linux users who are running > net-mail/evolution upgrade to evolution-1.2.3 as follows: >=20 > emerge sync > emerge evolution > emerge clean >=20 > - - --------------------------------------------------------------------- > aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz > - - --------------------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (GNU/Linux) >=20 > iD8DBQE+ezeDfT7nyhUpoZMRAqgFAKCMJiPWrcXzncBhgk1/lQ6F1qvdPwCff0L8 > puU/UmXZptBvDuVLe66YBNg=3D > =3D7I0C > -----END PGP SIGNATURE----- --=-qfIE1ZQzjr+cfQQCf13v Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQA+e2gnUdqurN0fljsRAu5MAKCQsCuxDiQsv/lBab6vGtcKQ7qz4QCgl5+t ViLV9ny1Ie0rkIo0ga5y4lY= =Ptgt -----END PGP SIGNATURE----- --=-qfIE1ZQzjr+cfQQCf13v-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message