SuSE Update For Evolution SUSE-SA:2008:014 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

Evolution is a personal information manager (PIM) and workgroup information management software. The function emf_multipart_encrypted() that is used to process encrypted messages is vulnerable to format-string bugs. This bug can be abused by a remote attacker to execute arbitrary code by sending a crafted encrypted eMail.

Affected

evolution on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, Novell Linux Desktop 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1

References

http://www.novell.com/linux/security/advisories/2008_14_evolution.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-0072

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

SLES10: Security update for compat-openssl097g
SLES10: Security update for libvorbis
SLES10: Security update for gstreamer
SLES10: Security update for libtiff
SLES10: Security update for neon

SuSE Update for evolution SUSE-SA:2008:014

Take action and discover your vulnerabilities