Summary
Ubuntu Update for Linux kernel vulnerabilities USN-615-1
Solution
Please install the updated packages.
Insight
Alin Rad Pop of Secunia Research discovered that Evolution did not properly validate timezone data when processing iCalendar attachments.
If a user disabled the ITip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or possibly execute code with user privileges. Note that the ITip Formatter plugin is enabled by default in Ubuntu. (CVE-2008-1108)
Alin Rad Pop of Secunia Research discovered that Evolution did not properly validate the DESCRIPTION field when processing iCalendar attachments. If a user were tricked into accepting a crafted iCalendar attachment and replied to it from the calendar window, an attacker could cause a denial of service or execute code with user privileges. (CVE-2008-1109)
Matej Cepl discovered that Evolution did not properly validate date fields when processing iCalendar attachments. If a user disabled the ITip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service. Note that the ITip Formatter plugin is enabled by default in Ubuntu.
Affected
evolution vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS
Severity
Classification
CVE: CVE-2008-1108, CVE-2008-1109
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C