Ubuntu 6585 Published by

A new Evolution vulnerability update is available for Ubuntu Linux. Here the announcement:



Ubuntu Security Notice USN-583-1 March 05, 2008
evolution vulnerability
CVE-2008-0072
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
evolution 2.6.1-0ubuntu7.2

Ubuntu 6.10:
evolution 2.8.1-0ubuntu4.2

Ubuntu 7.04:
evolution 2.10.1-0ubuntu2.1

Ubuntu 7.10:
evolution 2.12.1-0ubuntu1.1

After a standard system upgrade you need to restart Evolution to effect
the necessary changes.

Details follow:

Ulf Harnhammar discovered that Evolution did not correctly handle format
strings when processing encrypted emails. A remote attacker could exploit
this by sending a specially crafted email, resulting in arbitrary code
execution.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1=
-0ubuntu7.2.diff.gz
Size/MD5: 203646 3015e8026cd5a91df8cb673c5fc39d40
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1=
-0ubuntu7.2.dsc
Size/MD5: 1402 0a32038fe5e071cb4c12935acf639c02
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1=
.orig.tar.gz
Size/MD5: 17037346 e2ba35f5eaa324d0eb552c1c87405042

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.6.1-0ubuntu7.2_amd64.deb
Size/MD5: 6578230 ef179b357cb7b454ae8393a366021314
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.6.1-0ubuntu7.2_amd64.deb
Size/MD5: 216368 2d6ed392b174e90f21163fcc2163996c
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.6.1-0ubuntu7.2_amd64.deb
Size/MD5: 333036 9583853b8fc369d9e991f20d25a92d53
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1=
-0ubuntu7.2_amd64.deb
Size/MD5: 4956256 897c8ff77d8826f2e3c66219c093a7e2

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.6.1-0ubuntu7.2_i386.deb
Size/MD5: 5741688 8d351e2a18ffa7de3009dd954b140f61
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.6.1-0ubuntu7.2_i386.deb
Size/MD5: 216404 c75bba76d46736190548a063af944501
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.6.1-0ubuntu7.2_i386.deb
Size/MD5: 304890 3fa8a69f8fbaffed47da761c0a7ce554
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1=
-0ubuntu7.2_i386.deb
Size/MD5: 4696720 155764faf320f37775cec333b9860a0d

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.6.1-0ubuntu7.2_powerpc.deb
Size/MD5: 6513184 d710da9eb147e08928020cee44565b18
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.6.1-0ubuntu7.2_powerpc.deb
Size/MD5: 216408 48c0b9b3bd11332e796a3bba406ad990
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.6.1-0ubuntu7.2_powerpc.deb
Size/MD5: 348230 8b3f5779fd665287f97f91ed68974571
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1=
-0ubuntu7.2_powerpc.deb
Size/MD5: 4838748 e94f9f1cb37ad60da4e7a9ba71607edb

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.6.1-0ubuntu7.2_sparc.deb
Size/MD5: 5824958 a1e84f2d584e46c40885b83498bf44a3
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.6.1-0ubuntu7.2_sparc.deb
Size/MD5: 216442 431edde18d17dcea720845998d07beb8
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.6.1-0ubuntu7.2_sparc.deb
Size/MD5: 304852 6b5b4d337f54af40bd98a57315da5b5b
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6.1=
-0ubuntu7.2_sparc.deb
Size/MD5: 4781836 6868fc03608119df8aa837556756be84

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1=
-0ubuntu4.2.diff.gz
Size/MD5: 362867 c15866200e4d0b7e0e78895cf8e6fbc0
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1=
-0ubuntu4.2.dsc
Size/MD5: 1373 f78da23f7ff3d726376659333ed21dee
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1=
.orig.tar.gz
Size/MD5: 17782443 0ce38f1ae7992e00eec3414e62cb3a59

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.8.1-0ubuntu4.2_amd64.deb
Size/MD5: 6569214 c98c86c7f54f44f904b6b2f46db06d8d
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.8.1-0ubuntu4.2_amd64.deb
Size/MD5: 212428 a5f0b0647e9caa73e0da8024801754eb
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.8.1-0ubuntu4.2_amd64.deb
Size/MD5: 124114 cd31ef1f61924092dce2ea3b59d30d56
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1=
-0ubuntu4.2_amd64.deb
Size/MD5: 5341254 073a1cb3846675a84ee03cf150d32733

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.8.1-0ubuntu4.2_i386.deb
Size/MD5: 6183708 68f4f445ea20a62fab5939c4efa0add5
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.8.1-0ubuntu4.2_i386.deb
Size/MD5: 212484 83e502706ad5f53ccbeba4234d98064e
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.8.1-0ubuntu4.2_i386.deb
Size/MD5: 119126 d064848f9f685b148b3c0ceda43fb52a
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1=
-0ubuntu4.2_i386.deb
Size/MD5: 5143158 acca4640a33498e41f0e6f4461271672

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.8.1-0ubuntu4.2_powerpc.deb
Size/MD5: 6567194 8aed4b3cdf709f34fcc60b5067bcf4dd
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.8.1-0ubuntu4.2_powerpc.deb
Size/MD5: 212446 00462788cb67e75cac1e2687c20e6ffc
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.8.1-0ubuntu4.2_powerpc.deb
Size/MD5: 132302 9650f4d2f13a3fd573ed8a39ea05f802
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1=
-0ubuntu4.2_powerpc.deb
Size/MD5: 5242744 68d3c8fcef84a0b9d5f23e37b57cdc4a

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.8.1-0ubuntu4.2_sparc.deb
Size/MD5: 6084210 3aa6eb0c11ad1d02b19f482b1d2ea554
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.8.1-0ubuntu4.2_sparc.deb
Size/MD5: 212440 f024f02f296d8f7e3ca78c2c4ca0560e
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.8.1-0ubuntu4.2_sparc.deb
Size/MD5: 117344 f0182a162e3f9086ad569c7af0eab6fb
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.8.1=
-0ubuntu4.2_sparc.deb
Size/MD5: 5152234 531bcc5955ab7244661c6c89df540669

Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.10.=
1-0ubuntu2.1.diff.gz
Size/MD5: 210525 bbf6602b7424c10413186f474b000a44
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.10.=
1-0ubuntu2.1.dsc
Size/MD5: 2018 40f16cda1b6747a92097590ea38d361b
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.10.=
1.orig.tar.gz
Size/MD5: 20875752 43db33a2608916fbbecbb794b7de0924

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-commo=
n_2.10.1-0ubuntu2.1_all.deb
Size/MD5: 19353724 c5d08b1384dd44641160b871ee2fe103

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.10.1-0ubuntu2.1_amd64.deb
Size/MD5: 6713478 112289645affd984a37285f58ebe897e
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.10.1-0ubuntu2.1_amd64.deb
Size/MD5: 216464 d9c7862e8bcb8ff36c04a8d7df1747dc
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.10.1-0ubuntu2.1_amd64.deb
Size/MD5: 136364 9acdc7d7aef9203752040e7d7e5e66c8
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.10.=
1-0ubuntu2.1_amd64.deb
Size/MD5: 2735950 250c738aa9d279a963edd7e05f70b82e
http://security.ubuntu.com/ubuntu/pool/universe/e/evolution/evolution-p=
lugins-experimental_2.10.1-0ubuntu2.1_amd64.deb
Size/MD5: 97482 80934a6ad6a87f6d9d83a854852a8fc8

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.10.1-0ubuntu2.1_i386.deb
Size/MD5: 6308966 66e5b0c67e627fd4522b31b69ea7412c
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.10.1-0ubuntu2.1_i386.deb
Size/MD5: 216470 46ce1c31dacf33ce573e34907c29fc52
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.10.1-0ubuntu2.1_i386.deb
Size/MD5: 130052 c4c34cbb1f3ba84a6f860bda37d2438b
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.10.=
1-0ubuntu2.1_i386.deb
Size/MD5: 2538582 8c10f0f7e2436f90b97c944626af7358
http://security.ubuntu.com/ubuntu/pool/universe/e/evolution/evolution-p=
lugins-experimental_2.10.1-0ubuntu2.1_i386.deb
Size/MD5: 95458 96dbd649345ccf28d136ddad0bc37abd

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.10.1-0ubuntu2.1_powerpc.deb
Size/MD5: 6706266 b9494ad95c9d8f745c07a4b03cab1968
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.10.1-0ubuntu2.1_powerpc.deb
Size/MD5: 216502 e52c30e799d45d9d3bf91ed126450fe7
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.10.1-0ubuntu2.1_powerpc.deb
Size/MD5: 154936 6a73224d57197990599c5d142a93f683
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.10.=
1-0ubuntu2.1_powerpc.deb
Size/MD5: 2872602 51453f79dddd31e5de608c8dec4c9048
http://security.ubuntu.com/ubuntu/pool/universe/e/evolution/evolution-p=
lugins-experimental_2.10.1-0ubuntu2.1_powerpc.deb
Size/MD5: 104428 1db598c653e13553032051bc798bb5cb

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.10.1-0ubuntu2.1_sparc.deb
Size/MD5: 6216208 da4de3678bd78b3c9937f2f85836704d
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.10.1-0ubuntu2.1_sparc.deb
Size/MD5: 216490 f9da62d91cd684225be9c5c2b14331fd
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.10.1-0ubuntu2.1_sparc.deb
Size/MD5: 128202 4264e009fe03d3aab9ba1841314ce513
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.10.=
1-0ubuntu2.1_sparc.deb
Size/MD5: 2552070 0cdcedf7d8716d3633158a2fc2add910
http://security.ubuntu.com/ubuntu/pool/universe/e/evolution/evolution-p=
lugins-experimental_2.10.1-0ubuntu2.1_sparc.deb
Size/MD5: 94894 d338c0e9446143d2abccf48caf3a3f99

Updated packages for Ubuntu 7.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.12.=
1-0ubuntu1.1.diff.gz
Size/MD5: 48036 1305c81cab45e86f185787558f14cad2
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.12.=
1-0ubuntu1.1.dsc
Size/MD5: 2086 d693e3bfcd22c01552b2e46af2ef3a61
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.12.=
1.orig.tar.gz
Size/MD5: 31711081 48e74dcff2636e0e66dca303a91c9b93

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-commo=
n_2.12.1-0ubuntu1.1_all.deb
Size/MD5: 11054864 cb8be3e829748afe1b1752b6d02abe6c

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.12.1-0ubuntu1.1_amd64.deb
Size/MD5: 6649232 d3dca779a3027a3e14a8c706dd3f5f30
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.12.1-0ubuntu1.1_amd64.deb
Size/MD5: 143376 55e0d93294f69687d3b03cf99bb92e32
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.12.1-0ubuntu1.1_amd64.deb
Size/MD5: 78222 041216f9e71e37f8bdbcb7d590774a98
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.12.=
1-0ubuntu1.1_amd64.deb
Size/MD5: 2732316 e8f4df81d2e1ee6114e7191dfffe884a
http://security.ubuntu.com/ubuntu/pool/universe/e/evolution/evolution-p=
lugins-experimental_2.12.1-0ubuntu1.1_amd64.deb
Size/MD5: 18712 45681ea24febcdf441670619ff89e15f

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.12.1-0ubuntu1.1_i386.deb
Size/MD5: 6274290 ba9442d1736383e90a0dde247d6e119c
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.12.1-0ubuntu1.1_i386.deb
Size/MD5: 143350 42b646fe4c3e8339e0d512b541e428fb
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.12.1-0ubuntu1.1_i386.deb
Size/MD5: 68532 d0e1317e7ffc6e6171d20e4e7d14a2c2
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.12.=
1-0ubuntu1.1_i386.deb
Size/MD5: 2520532 130647d772e4f13327aee570770f2c16
http://security.ubuntu.com/ubuntu/pool/universe/e/evolution/evolution-p=
lugins-experimental_2.12.1-0ubuntu1.1_i386.deb
Size/MD5: 17066 ffe88bb399261addf7d6206290ff8815

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.12.1-0ubuntu1.1_powerpc.deb
Size/MD5: 6657670 b8b653c41b564656a4e9ef5d3882f349
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.12.1-0ubuntu1.1_powerpc.deb
Size/MD5: 143360 f55a0cbbd5cdbbf787046fdef8c81c34
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.12.1-0ubuntu1.1_powerpc.deb
Size/MD5: 98806 54d900d851b2d3a0cbf860b04887738f
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.12.=
1-0ubuntu1.1_powerpc.deb
Size/MD5: 2866636 a62c9fbbfe8fc8be3775d0927b0d7ed0
http://security.ubuntu.com/ubuntu/pool/universe/e/evolution/evolution-p=
lugins-experimental_2.12.1-0ubuntu1.1_powerpc.deb
Size/MD5: 24232 e80987ecc42fcd7751aa254ea074c2a6

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_2=
.12.1-0ubuntu1.1_sparc.deb
Size/MD5: 6166402 589524dfb5fe8beff850740e3941dcf1
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_2=
.12.1-0ubuntu1.1_sparc.deb
Size/MD5: 143368 4b1014bc231eca798e9878f3d7d3d102
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plugi=
ns_2.12.1-0ubuntu1.1_sparc.deb
Size/MD5: 67160 8dc1187380fb7e8e1096bea2fa070de2
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.12.=
1-0ubuntu1.1_sparc.deb
Size/MD5: 2539100 e7745a59c031ddd134cd7125de79bd9a
http://security.ubuntu.com/ubuntu/pool/universe/e/evolution/evolution-p=
lugins-experimental_2.12.1-0ubuntu1.1_sparc.deb
Size/MD5: 16452 0c3fe63f5f1b911e80e71a609b8b1b61


--A9z/3b/E4MkkD+7G
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHzwSIH/9LqRcGPm0RAkUTAJ9a9iaARRy+beHyPslH09uiij7PrACeJf5w
h96ZpAaEGPhZPUAhb4OQfck=
=L2Fg
-----END PGP SIGNATURE-----