SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (E-mail Client)  >   GNOME Evolution Vendors:   Gnome Development Team
GNOME Evolution GData SEQUENCE Values Permit Remote Code Execution
SecurityTracker Alert ID:  1018284
SecurityTracker URL:  http://securitytracker.com/id/1018284
CVE Reference:   CVE-2007-3257   (Links to External Site)
Date:  Jun 25 2007
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.11.4
Description:   A vulnerability was reported in GNOME Evolution. A remote user can execute arbitrary code on the target system in certain cases.

A remote IMAP server can send a specially crafted negative SEQUENCE value in GData to execute arbitrary code on the connected target client. The code will run with the privileges of the target client.

The flaw resides in 'camel-imap-folder.c' in the Evolution Data Server component.
Impact:   A remote server can execute arbitrary code on the connected target system.
Solution:   The vendor has issued a fixed version (2.11.4).
Vendor URL:  www.gnome.org/projects/evolution/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 25 2007 (Red Hat Issues Fix) GNOME Evolution GData SEQUENCE Values Permit Remote Code Execution   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 3 and 4.
Jun 25 2007 (Red Hat Issues Fix) GNOME Evolution GData SEQUENCE Values Permit Remote Code Execution   (bugzilla@redhat.com)
Red Hat has released a fix for evolution-data-server on Red Hat Enterprise Linux 5.


 Source Message Contents
Date:  Tue, 19 Jun 2007 11:01:09 +0530
Subject:  [Evolution-hackers] Evolution 2.11.4 , Evolution-Data-Server 1.11.4 , GtkHTML 3.15.4 and Evolution-Exchange 2.11.4 released

Hi All,

The Evolution Team is pleased to announce the release of Evolution
2.11.4

You can download the following :

http://ftp.acc.umu.se/pub/gnome/sources/gtkhtml/3.15/gtkhtml-3.15.4.tar.bz2
http://ftp.acc.umu.se/pub/gnome/sources/evolution-data-server/1.11/evolution-data-server-1.11.4.tar.bz2
http://ftp.acc.umu.se/pub/gnome/sources/evolution/2.11/evolution-2.11.4.tar.bz2
http://ftp.acc.umu.se/pub/gnome/sources/evolution-exchange/2.11/evolution-exchange-2.11.4.tar.bz2

Upgrade Notes :
Evolution 2.11.x is the unstable series of 2.12 development.

What is New ?
=============

Evolution:
==========

New in 2.11.4:
        
        Add initial support for the Magic Space Bar (Mutt) to read unread emails in 
        all folders.  (Srinivasa Ragavan)
	Portugese help files (Duarte Loreto)

Bug fixes:
        #257118: Clear button is now getting disabled after clearing the search (Milan Crha)
        #263207: Advanced Search "Remove" button is now inactive (Milan Crha)
        #325882: Fix some of the window /dialog positions (Milan Crha)
        #330175: Added helper function which test selection for non-space characters. (Milan Crha)
        #344728: Add configuration option for Sun Kerberos v5 (Irene Huang)
        #386503: Fix a minor typo in Makefile.am (Gilles Dartiguelongue)
        #428328: Move away from popt to GOptions (Ghislain MARY)
        #437584, 437935: More compilation warnings cleanup (Gilles Dartiguelongue)
        #439186: fix some bad mnemonics, mark string for translation. (Andre Klapper)
        #440075: Enable customized alarms to work correctly (Matthew Barnes)
        #442631: Added support for multimedia keys (Bastien Nocera)
        #443659: Fix size and alignment mis-match in the evolution preferences window (Vinod)
        #444107: Allow adding of image attachments to HTML composer (Srinivasa Ragavan)
        #444248: Fix a crash in solaris (Wang Xin)
        #444289: Allow the "test" component to build (Tobias Mueller)
        #444548: Included files for translating strings for "Advanced search options" (Andre Klapper)
        #444747: Fix a build break (Daniel Gryniewicz)
        #445793: Addressbook conduit now loads correctly (Gilles Dartiguelongue)
        #445812: Included missing icons in popups (Gilles Dartiguelongue)
        #446015: Improved "Define views" dialog (Gilles Dartiguelongue)
        #446870: Set the correct size of the duplicate contact warning window (Srinivasa Ragavan)
        #447727: Improve display of label text (Matthew Barnes)
        #447742: Plug a memory leak (Matthew Barnes)
        #448201: Add translation domain (Gabor Kelemen)
        #448223: Remove duplicated function string_without_underscores (Gilles Dartiguelongue)

Updated Translations:
        Priit Laes (et)
        Jorge Gonzalez (es)
        Daniel Nylander (sv)
        Pema Geyleg (dz)
        Kjartan Maraas (nb)

	
Evolution-data-server:
=====================


Bug fixes:
        #312854: Fix a hang while renaming folders twice for exchange (Matthew Barnes)
        #331099: Fix calculation of array index to avoid negative values (Matthew Barnes)
        #344728: Add headers for Sun Kerberos v5 (Irene Huang)
        #352284: Do not fetch the message from server - instead use the header 
		 information to calculate the expiry period. (Veerapuram Varadhan)
        #437751: Fix time display in Windows (Andreas K�r)
        #443705: Fixed build break due to incorrect macro (Lo�Minier)
        #443958: Add support for help string. (Sebastien Tandel)
        #447414: Security Fix - negative index of an array (Philip Van Hoof)
        #447753, #447749: Fix a memory leak (Matthew Barnes)
        #448589: Add support for automake 1.6 (Tobias Mueller)

Other Contributors:
        Check entire IMAP4 summary to remove non-existent messages (Jeffrey
         Stedfast)
        Fetches "Sent Items" in all folders. Also, fixed some bugs in moving
         mails across folders. (Sankar P)
	Addressbook fixes (Ross Burton)

Updated Translations:
        Priit Laes (et)
        Pema Geyleg (dz)
        Jorge Gonzalez (es)


Evolution-Exchange:
===================

Bug Fixes:
        #444101: Fix new compiler warnings since 2.11.2 (Matthew Barnes)
        #385354: Fix build break on Solaris (Wang Xin)

Updated Translations:
        Pema Geyleg (dz)


GtkHTML
=======

New in 3.15.4:
        Added support for magic spacebar to browse till end of the document
         and return status if end is reached. (Srinivasa Ragavan)

Bug fixes:
        #443219: Crash when definding frames with out inner frames (Milan Crha)
        #444104: Removed space after trailing slash, fixes build problem
   	      	 with automake 1.6. (Nickolay V. Shmyrev)

Updated Translations:
        Pema Geyleg (dz)
        Jakub Friedl (cs)


Reporting Bugs

If you have problems with 2.11.4, please take the time to submit the bug
using Bug Buddy or at http://bugzilla.gnome.org.  Try to fill in as much
detail as you can regarding the circumstances that lead to the problem.

If you have a feature request, you can also file that at
http://bugzilla.gnome.org/ don't be discouraged if you don't hear from
us right away, we get hundreds of feature requests a year.

You can also check if your bug has been reported before by using the
search functionality of Bugzilla.

More information is available at the project website
http://www.gnome.org/projects/evolution and the project wiki :
http://go-evolution.org/

Thanks,
Srini


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC