Detections
Analytics
RHEL 5 : evolution (RHSA-2007:0158)
medium Nessus Plugin ID 25327
Synopsis
The remote Red Hat host is missing one or more security updates.Description
Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 5.This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Evolution is the GNOME collection of personal information management (PIM) tools.
A format string bug was found in the way Evolution parsed the category field in a memo. If a user tried to save and then view a carefully crafted memo, arbitrary code may be executed as the user running Evolution. (CVE-2007-1002)
This flaw did not affect the versions of Evolution shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue.
Red Hat would like to thank Ulf Harnhammar of Secunia Research for reporting this issue.
Solution
Update the affected evolution and / or evolution-devel packages.See Also
Plugin Details
Severity: Medium
ID: 25327
File Name: redhat-RHSA-2007-0158.nasl
Version: 1.24
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 5/25/2007
Updated: 1/14/2021
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/o:redhat:enterprise_linux:5, p-cpe:/a:redhat:enterprise_linux:evolution, p-cpe:/a:redhat:enterprise_linux:evolution-devel
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Patch Publication Date: 5/3/2007
Vulnerability Publication Date: 3/21/2007
Reference Information
CVE: CVE-2007-1002
RHSA: 2007:0158