Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2008-1109
Vulnerability from cvelistv5
Published
2008-06-04 20:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:08:57.396Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2008-5018", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html", }, { name: "ADV-2008-1732", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1732/references", }, { name: "30298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30298", }, { name: "FEDORA-2008-5016", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html", }, { name: "30564", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30564", }, { name: "SUSE-SA:2008:028", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html", }, { name: "RHSA-2008:0515", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0515.html", }, { name: "GLSA-200806-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200806-06.xml", }, { name: "30571", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30571", }, { name: "FEDORA-2008-4990", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html", }, { name: "evolution-icalendar-description-bo(42826)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826", }, { name: "1020170", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020170", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/secunia_research/2008-23/advisory/", }, { name: "RHSA-2008:0514", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0514.html", }, { name: "30716", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30716", }, { name: "30527", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30527", }, { name: "29527", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29527", }, { name: "30702", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30702", }, { name: "MDVSA-2008:111", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111", }, { name: "oval:org.mitre.oval:def:10337", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337", }, { name: "USN-615-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-615-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-04T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-28T12:57:01", orgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", shortName: "flexera", }, references: [ { name: "FEDORA-2008-5018", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html", }, { name: "ADV-2008-1732", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1732/references", }, { name: "30298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30298", }, { name: "FEDORA-2008-5016", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html", }, { name: "30564", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30564", }, { name: "SUSE-SA:2008:028", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html", }, { name: "RHSA-2008:0515", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0515.html", }, { name: "GLSA-200806-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200806-06.xml", }, { name: "30571", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30571", }, { name: "FEDORA-2008-4990", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html", }, { name: "evolution-icalendar-description-bo(42826)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826", }, { name: "1020170", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020170", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/secunia_research/2008-23/advisory/", }, { name: "RHSA-2008:0514", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0514.html", }, { name: "30716", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30716", }, { name: "30527", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30527", }, { name: "29527", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29527", }, { name: "30702", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30702", }, { name: "MDVSA-2008:111", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111", }, { name: "oval:org.mitre.oval:def:10337", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337", }, { name: "USN-615-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-615-1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2008-1109", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2008-5018", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html", }, { name: "ADV-2008-1732", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1732/references", }, { name: "30298", refsource: "SECUNIA", url: "http://secunia.com/advisories/30298", }, { name: "FEDORA-2008-5016", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html", }, { name: "30564", refsource: "SECUNIA", url: "http://secunia.com/advisories/30564", }, { name: "SUSE-SA:2008:028", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html", }, { name: "RHSA-2008:0515", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0515.html", }, { name: "GLSA-200806-06", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200806-06.xml", }, { name: "30571", refsource: "SECUNIA", url: "http://secunia.com/advisories/30571", }, { name: "FEDORA-2008-4990", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html", }, { name: "evolution-icalendar-description-bo(42826)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826", }, { name: "1020170", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020170", }, { name: "http://secunia.com/secunia_research/2008-23/advisory/", refsource: "MISC", url: "http://secunia.com/secunia_research/2008-23/advisory/", }, { name: "RHSA-2008:0514", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0514.html", }, { name: "30716", refsource: "SECUNIA", url: "http://secunia.com/advisories/30716", }, { name: "30527", refsource: "SECUNIA", url: "http://secunia.com/advisories/30527", }, { name: "29527", refsource: "BID", url: "http://www.securityfocus.com/bid/29527", }, { name: "30702", refsource: "SECUNIA", url: "http://secunia.com/advisories/30702", }, { name: "MDVSA-2008:111", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111", }, { name: "oval:org.mitre.oval:def:10337", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337", }, { name: "USN-615-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-615-1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", assignerShortName: "flexera", cveId: "CVE-2008-1109", datePublished: "2008-06-04T20:00:00", dateReserved: "2008-02-29T00:00:00", dateUpdated: "2024-08-07T08:08:57.396Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2008-1109\",\"sourceIdentifier\":\"PSIRT-CNA@flexerasoftware.com\",\"published\":\"2008-06-04T20:32:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de Búfer basado en montículo en Evolution 2.22.1 permite a atacantes remotos asistidos por el usuario, ejecutar código arbitrariamente mediante una propiedad DESCRIPTION larga en un adjunto iCalendar, que no es gestionado correctamente durante una respuesta en la vista de calendario (también conocida como ventana de Calendarios).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:evolution:2.22.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFFCC802-9313-4B56-97A8-9A18F04799DE\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/30298\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30527\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/30564\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/30571\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/30702\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/30716\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/secunia_research/2008-23/advisory/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200806-06.xml\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:111\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0514.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0515.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securityfocus.com/bid/29527\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securitytracker.com/id?1020170\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.ubuntu.com/usn/usn-615-1\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1732/references\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42826\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30298\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30527\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30564\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30571\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30702\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30716\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/secunia_research/2008-23/advisory/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200806-06.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:111\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0514.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0515.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29527\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-615-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1732/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42826\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
gsd-2008-1109
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
Aliases
Aliases
{ GSD: { alias: "CVE-2008-1109", description: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", id: "GSD-2008-1109", references: [ "https://www.suse.com/security/cve/CVE-2008-1109.html", "https://access.redhat.com/errata/RHSA-2008:0515", "https://access.redhat.com/errata/RHSA-2008:0514", "https://linux.oracle.com/cve/CVE-2008-1109.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2008-1109", ], details: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", id: "GSD-2008-1109", modified: "2023-12-13T01:23:03.541702Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2008-1109", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2008-5018", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html", }, { name: "ADV-2008-1732", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1732/references", }, { name: "30298", refsource: "SECUNIA", url: "http://secunia.com/advisories/30298", }, { name: "FEDORA-2008-5016", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html", }, { name: "30564", refsource: "SECUNIA", url: "http://secunia.com/advisories/30564", }, { name: "SUSE-SA:2008:028", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html", }, { name: "RHSA-2008:0515", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0515.html", }, { name: "GLSA-200806-06", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200806-06.xml", }, { name: "30571", refsource: "SECUNIA", url: "http://secunia.com/advisories/30571", }, { name: "FEDORA-2008-4990", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html", }, { name: "evolution-icalendar-description-bo(42826)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826", }, { name: "1020170", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020170", }, { name: "http://secunia.com/secunia_research/2008-23/advisory/", refsource: "MISC", url: "http://secunia.com/secunia_research/2008-23/advisory/", }, { name: "RHSA-2008:0514", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0514.html", }, { name: "30716", refsource: "SECUNIA", url: "http://secunia.com/advisories/30716", }, { name: "30527", refsource: "SECUNIA", url: "http://secunia.com/advisories/30527", }, { name: "29527", refsource: "BID", url: "http://www.securityfocus.com/bid/29527", }, { name: "30702", refsource: "SECUNIA", url: "http://secunia.com/advisories/30702", }, { name: "MDVSA-2008:111", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111", }, { name: "oval:org.mitre.oval:def:10337", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337", }, { name: "USN-615-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-615-1", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:gnome:evolution:2.22.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2008-1109", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "http://secunia.com/secunia_research/2008-23/advisory/", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-23/advisory/", }, { name: "30298", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30298", }, { name: "30571", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/30571", }, { name: "SUSE-SA:2008:028", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html", }, { name: "30527", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/30527", }, { name: "MDVSA-2008:111", refsource: "MANDRIVA", tags: [], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111", }, { name: "GLSA-200806-06", refsource: "GENTOO", tags: [], url: "http://security.gentoo.org/glsa/glsa-200806-06.xml", }, { name: "29527", refsource: "BID", tags: [], url: "http://www.securityfocus.com/bid/29527", }, { name: "USN-615-1", refsource: "UBUNTU", tags: [], url: "http://www.ubuntu.com/usn/usn-615-1", }, { name: "RHSA-2008:0514", refsource: "REDHAT", tags: [], url: "http://www.redhat.com/support/errata/RHSA-2008-0514.html", }, { name: "30716", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/30716", }, { name: "RHSA-2008:0515", refsource: "REDHAT", tags: [], url: "http://www.redhat.com/support/errata/RHSA-2008-0515.html", }, { name: "1020170", refsource: "SECTRACK", tags: [], url: "http://www.securitytracker.com/id?1020170", }, { name: "30702", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/30702", }, { name: "FEDORA-2008-4990", refsource: "FEDORA", tags: [], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html", }, { name: "30564", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/30564", }, { name: "FEDORA-2008-5018", refsource: "FEDORA", tags: [], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html", }, { name: "FEDORA-2008-5016", refsource: "FEDORA", tags: [], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html", }, { name: "ADV-2008-1732", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2008/1732/references", }, { name: "evolution-icalendar-description-bo(42826)", refsource: "XF", tags: [], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826", }, { name: "oval:org.mitre.oval:def:10337", refsource: "OVAL", tags: [], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: true, }, }, lastModifiedDate: "2017-09-29T01:30Z", publishedDate: "2008-06-04T20:32Z", }, }, }
rhsa-2008_0515
Vulnerability from csaf_redhat
Published
2008-06-04 12:49
Modified
2024-11-22 02:03
Summary
Red Hat Security Advisory: evolution28 security update
Notes
Topic
Updated evolution28 packages that address two buffer overflow
vulnerabilities are now available for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.
A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)
Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of "text/calendar") to be displayed as part
of the e-mail message, is enabled by default.
A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long "DESCRIPTION" property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109).
The particular response required to trigger this vulnerability was as
follows:
1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calender the meeting was in.
4. Reply to the sender.
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.
All Evolution users should upgrade to these updated packages, which contain
backported patches which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated evolution28 packages that address two buffer overflow\nvulnerabilities are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Evolution is the integrated collection of e-mail, calendaring, contact\nmanagement, communications and personal information management (PIM) tools\nfor the GNOME desktop environment.\n\nA flaw was found in the way Evolution parsed iCalendar timezone attachment\ndata. If the Itip Formatter plug-in was disabled and a user opened a mail\nwith a carefully crafted iCalendar attachment, arbitrary code could be\nexecuted as the user running Evolution. (CVE-2008-1108)\n\nNote: the Itip Formatter plug-in, which allows calendar information\n(attachments with a MIME type of \"text/calendar\") to be displayed as part\nof the e-mail message, is enabled by default.\n\nA heap-based buffer overflow flaw was found in the way Evolution parsed\niCalendar attachments with an overly long \"DESCRIPTION\" property string. If\na user responded to a carefully crafted iCalendar attachment in a\nparticular way, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-1109).\n\nThe particular response required to trigger this vulnerability was as\nfollows:\n\n1. Receive the carefully crafted iCalendar attachment.\n2. Accept the associated meeting.\n3. Open the calender the meeting was in.\n4. Reply to the sender.\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\nresponsibly disclosing these issues.\n\nAll Evolution users should upgrade to these updated packages, which contain\nbackported patches which resolves these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0515", url: "https://access.redhat.com/errata/RHSA-2008:0515", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "448540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448540", }, { category: "external", summary: "448541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448541", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0515.json", }, ], title: "Red Hat Security Advisory: evolution28 security update", tracking: { current_release_date: "2024-11-22T02:03:01+00:00", generator: { date: "2024-11-22T02:03:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0515", initial_release_date: "2008-06-04T12:49:00+00:00", revision_history: [ { date: "2008-06-04T12:49:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-06-04T08:57:45+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:03:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AS version 4", product: { name: "Red Hat Enterprise Linux AS version 4", product_id: "4AS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::as", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop version 4", product: { name: "Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::desktop", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ES version 4", product: { name: "Red Hat Enterprise Linux ES version 4", product_id: "4ES", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::es", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux WS version 4", product: { name: "Red Hat Enterprise Linux WS version 4", product_id: "4WS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::ws", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=ia64", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=ia64", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.ia64", product: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64", product_id: "evolution28-0:2.8.0-53.el4_6.3.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=ia64", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=x86_64", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=x86_64", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.x86_64", product: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64", product_id: "evolution28-0:2.8.0-53.el4_6.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=i386", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=i386", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.i386", product: { name: "evolution28-0:2.8.0-53.el4_6.3.i386", product_id: "evolution28-0:2.8.0-53.el4_6.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.src", product: { name: "evolution28-0:2.8.0-53.el4_6.3.src", product_id: "evolution28-0:2.8.0-53.el4_6.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=ppc", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=ppc", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.ppc", product: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc", product_id: "evolution28-0:2.8.0-53.el4_6.3.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=s390x", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=s390x", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.s390x", product: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x", product_id: "evolution28-0:2.8.0-53.el4_6.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=s390", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=s390", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.s390", product: { name: "evolution28-0:2.8.0-53.el4_6.3.s390", product_id: "evolution28-0:2.8.0-53.el4_6.3.s390", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.src", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.src", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.src", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.src", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.src", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.src", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.src", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4WS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Alin Rad Pop", ], organization: "Secunia Research", }, ], cve: "CVE-2008-1108", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2008-05-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "448540", }, ], notes: [ { category: "description", text: "Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.", title: "Vulnerability description", }, { category: "summary", text: "evolution: iCalendar buffer overflow via large timezone specification", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1108", }, { category: "external", summary: "RHBZ#448540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448540", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1108", url: "https://www.cve.org/CVERecord?id=CVE-2008-1108", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1108", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1108", }, ], release_date: "2008-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-06-04T12:49:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0515", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "evolution: iCalendar buffer overflow via large timezone specification", }, { acknowledgments: [ { names: [ "Alin Rad Pop", ], organization: "Secunia Research", }, ], cve: "CVE-2008-1109", discovery_date: "2008-05-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "448541", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", title: "Vulnerability description", }, { category: "summary", text: "evolution: iCalendar buffer overflow via large description parameter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1109", }, { category: "external", summary: "RHBZ#448541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1109", url: "https://www.cve.org/CVERecord?id=CVE-2008-1109", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1109", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1109", }, ], release_date: "2008-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-06-04T12:49:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0515", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "evolution: iCalendar buffer overflow via large description parameter", }, ], }
RHSA-2008:0515
Vulnerability from csaf_redhat
Published
2008-06-04 12:49
Modified
2024-11-22 02:03
Summary
Red Hat Security Advisory: evolution28 security update
Notes
Topic
Updated evolution28 packages that address two buffer overflow
vulnerabilities are now available for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.
A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)
Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of "text/calendar") to be displayed as part
of the e-mail message, is enabled by default.
A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long "DESCRIPTION" property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109).
The particular response required to trigger this vulnerability was as
follows:
1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calender the meeting was in.
4. Reply to the sender.
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.
All Evolution users should upgrade to these updated packages, which contain
backported patches which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated evolution28 packages that address two buffer overflow\nvulnerabilities are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Evolution is the integrated collection of e-mail, calendaring, contact\nmanagement, communications and personal information management (PIM) tools\nfor the GNOME desktop environment.\n\nA flaw was found in the way Evolution parsed iCalendar timezone attachment\ndata. If the Itip Formatter plug-in was disabled and a user opened a mail\nwith a carefully crafted iCalendar attachment, arbitrary code could be\nexecuted as the user running Evolution. (CVE-2008-1108)\n\nNote: the Itip Formatter plug-in, which allows calendar information\n(attachments with a MIME type of \"text/calendar\") to be displayed as part\nof the e-mail message, is enabled by default.\n\nA heap-based buffer overflow flaw was found in the way Evolution parsed\niCalendar attachments with an overly long \"DESCRIPTION\" property string. If\na user responded to a carefully crafted iCalendar attachment in a\nparticular way, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-1109).\n\nThe particular response required to trigger this vulnerability was as\nfollows:\n\n1. Receive the carefully crafted iCalendar attachment.\n2. Accept the associated meeting.\n3. Open the calender the meeting was in.\n4. Reply to the sender.\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\nresponsibly disclosing these issues.\n\nAll Evolution users should upgrade to these updated packages, which contain\nbackported patches which resolves these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0515", url: "https://access.redhat.com/errata/RHSA-2008:0515", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "448540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448540", }, { category: "external", summary: "448541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448541", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0515.json", }, ], title: "Red Hat Security Advisory: evolution28 security update", tracking: { current_release_date: "2024-11-22T02:03:01+00:00", generator: { date: "2024-11-22T02:03:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0515", initial_release_date: "2008-06-04T12:49:00+00:00", revision_history: [ { date: "2008-06-04T12:49:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-06-04T08:57:45+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:03:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AS version 4", product: { name: "Red Hat Enterprise Linux AS version 4", product_id: "4AS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::as", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop version 4", product: { name: "Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::desktop", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ES version 4", product: { name: "Red Hat Enterprise Linux ES version 4", product_id: "4ES", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::es", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux WS version 4", product: { name: "Red Hat Enterprise Linux WS version 4", product_id: "4WS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::ws", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=ia64", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=ia64", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.ia64", product: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64", product_id: "evolution28-0:2.8.0-53.el4_6.3.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=ia64", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=x86_64", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=x86_64", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.x86_64", product: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64", product_id: "evolution28-0:2.8.0-53.el4_6.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=i386", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=i386", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.i386", product: { name: "evolution28-0:2.8.0-53.el4_6.3.i386", product_id: "evolution28-0:2.8.0-53.el4_6.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.src", product: { name: "evolution28-0:2.8.0-53.el4_6.3.src", product_id: "evolution28-0:2.8.0-53.el4_6.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=ppc", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=ppc", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.ppc", product: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc", product_id: "evolution28-0:2.8.0-53.el4_6.3.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=s390x", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=s390x", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.s390x", product: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x", product_id: "evolution28-0:2.8.0-53.el4_6.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=s390", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=s390", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.s390", product: { name: "evolution28-0:2.8.0-53.el4_6.3.s390", product_id: "evolution28-0:2.8.0-53.el4_6.3.s390", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.src", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.src", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.src", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.src", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.src", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.src", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.src", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4WS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Alin Rad Pop", ], organization: "Secunia Research", }, ], cve: "CVE-2008-1108", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2008-05-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "448540", }, ], notes: [ { category: "description", text: "Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.", title: "Vulnerability description", }, { category: "summary", text: "evolution: iCalendar buffer overflow via large timezone specification", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1108", }, { category: "external", summary: "RHBZ#448540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448540", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1108", url: "https://www.cve.org/CVERecord?id=CVE-2008-1108", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1108", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1108", }, ], release_date: "2008-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-06-04T12:49:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0515", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "evolution: iCalendar buffer overflow via large timezone specification", }, { acknowledgments: [ { names: [ "Alin Rad Pop", ], organization: "Secunia Research", }, ], cve: "CVE-2008-1109", discovery_date: "2008-05-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "448541", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", title: "Vulnerability description", }, { category: "summary", text: "evolution: iCalendar buffer overflow via large description parameter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1109", }, { category: "external", summary: "RHBZ#448541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1109", url: "https://www.cve.org/CVERecord?id=CVE-2008-1109", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1109", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1109", }, ], release_date: "2008-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-06-04T12:49:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0515", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "evolution: iCalendar buffer overflow via large description parameter", }, ], }
RHSA-2008:0514
Vulnerability from csaf_redhat
Published
2008-06-04 10:46
Modified
2024-11-22 02:02
Summary
Red Hat Security Advisory: evolution security update
Notes
Topic
Updated evolution packages that fix two buffer overflow vulnerabilities are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.
A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)
Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of "text/calendar") to be displayed as part
of the e-mail message, is enabled by default.
A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long "DESCRIPTION" property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109).
The particular response required to trigger this vulnerability was as
follows:
1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calender the meeting was in.
4. Reply to the sender.
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.
All Evolution users should upgrade to these updated packages, which contain
backported patches which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated evolution packages that fix two buffer overflow vulnerabilities are\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Evolution is the integrated collection of e-mail, calendaring, contact\nmanagement, communications and personal information management (PIM) tools\nfor the GNOME desktop environment.\n\nA flaw was found in the way Evolution parsed iCalendar timezone attachment\ndata. If the Itip Formatter plug-in was disabled and a user opened a mail\nwith a carefully crafted iCalendar attachment, arbitrary code could be\nexecuted as the user running Evolution. (CVE-2008-1108)\n\nNote: the Itip Formatter plug-in, which allows calendar information\n(attachments with a MIME type of \"text/calendar\") to be displayed as part\nof the e-mail message, is enabled by default.\n\nA heap-based buffer overflow flaw was found in the way Evolution parsed\niCalendar attachments with an overly long \"DESCRIPTION\" property string. If\na user responded to a carefully crafted iCalendar attachment in a\nparticular way, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-1109).\n\nThe particular response required to trigger this vulnerability was as\nfollows:\n\n1. Receive the carefully crafted iCalendar attachment.\n2. Accept the associated meeting.\n3. Open the calender the meeting was in.\n4. Reply to the sender.\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\nresponsibly disclosing these issues.\n\nAll Evolution users should upgrade to these updated packages, which contain\nbackported patches which resolves these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0514", url: "https://access.redhat.com/errata/RHSA-2008:0514", }, { category: "external", summary: "http://www.redhat.com/security/updates/classification/#important", url: "http://www.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "448540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448540", }, { category: "external", summary: "448541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448541", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0514.json", }, ], title: "Red Hat Security Advisory: evolution security update", tracking: { current_release_date: "2024-11-22T02:02:55+00:00", generator: { date: "2024-11-22T02:02:55+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0514", initial_release_date: "2008-06-04T10:46:00+00:00", revision_history: [ { date: "2008-06-04T10:46:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-06-04T06:46:22+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:02:55+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product: { name: "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_productivity:5", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client_workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", product: { name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", product_id: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-devel@2.12.3-8.el5_2.2?arch=x86_64", }, }, }, { category: "product_version", name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", product: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", product_id: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-debuginfo@2.12.3-8.el5_2.2?arch=x86_64", }, }, }, { category: "product_version", name: "evolution-0:2.12.3-8.el5_2.2.x86_64", product: { name: "evolution-0:2.12.3-8.el5_2.2.x86_64", product_id: "evolution-0:2.12.3-8.el5_2.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=x86_64", }, }, }, { category: "product_version", name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", product: { name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", product_id: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-help@2.12.3-8.el5_2.2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "evolution-devel-0:2.12.3-8.el5_2.2.i386", product: { name: "evolution-devel-0:2.12.3-8.el5_2.2.i386", product_id: "evolution-devel-0:2.12.3-8.el5_2.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-devel@2.12.3-8.el5_2.2?arch=i386", }, }, }, { category: "product_version", name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", product: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", product_id: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-debuginfo@2.12.3-8.el5_2.2?arch=i386", }, }, }, { category: "product_version", name: "evolution-0:2.12.3-8.el5_2.2.i386", product: { name: "evolution-0:2.12.3-8.el5_2.2.i386", product_id: "evolution-0:2.12.3-8.el5_2.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=i386", }, }, }, { category: "product_version", name: "evolution-help-0:2.12.3-8.el5_2.2.i386", product: { name: "evolution-help-0:2.12.3-8.el5_2.2.i386", product_id: "evolution-help-0:2.12.3-8.el5_2.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-help@2.12.3-8.el5_2.2?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "evolution-0:2.12.3-8.el5_2.2.src", product: { name: "evolution-0:2.12.3-8.el5_2.2.src", product_id: "evolution-0:2.12.3-8.el5_2.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.src", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-0:2.12.3-8.el5_2.2.src", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.src", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.src", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Server-DPAS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Alin Rad Pop", ], organization: "Secunia Research", }, ], cve: "CVE-2008-1108", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2008-05-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "448540", }, ], notes: [ { category: "description", text: "Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.", title: "Vulnerability description", }, { category: "summary", text: "evolution: iCalendar buffer overflow via large timezone specification", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1108", }, { category: "external", summary: "RHBZ#448540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448540", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1108", url: "https://www.cve.org/CVERecord?id=CVE-2008-1108", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1108", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1108", }, ], release_date: "2008-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-06-04T10:46:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0514", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "evolution: iCalendar buffer overflow via large timezone specification", }, { acknowledgments: [ { names: [ "Alin Rad Pop", ], organization: "Secunia Research", }, ], cve: "CVE-2008-1109", discovery_date: "2008-05-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "448541", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", title: "Vulnerability description", }, { category: "summary", text: "evolution: iCalendar buffer overflow via large description parameter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1109", }, { category: "external", summary: "RHBZ#448541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1109", url: "https://www.cve.org/CVERecord?id=CVE-2008-1109", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1109", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1109", }, ], release_date: "2008-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-06-04T10:46:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0514", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "evolution: iCalendar buffer overflow via large description parameter", }, ], }
rhsa-2008_0514
Vulnerability from csaf_redhat
Published
2008-06-04 10:46
Modified
2024-11-22 02:02
Summary
Red Hat Security Advisory: evolution security update
Notes
Topic
Updated evolution packages that fix two buffer overflow vulnerabilities are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.
A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)
Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of "text/calendar") to be displayed as part
of the e-mail message, is enabled by default.
A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long "DESCRIPTION" property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109).
The particular response required to trigger this vulnerability was as
follows:
1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calender the meeting was in.
4. Reply to the sender.
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.
All Evolution users should upgrade to these updated packages, which contain
backported patches which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated evolution packages that fix two buffer overflow vulnerabilities are\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Evolution is the integrated collection of e-mail, calendaring, contact\nmanagement, communications and personal information management (PIM) tools\nfor the GNOME desktop environment.\n\nA flaw was found in the way Evolution parsed iCalendar timezone attachment\ndata. If the Itip Formatter plug-in was disabled and a user opened a mail\nwith a carefully crafted iCalendar attachment, arbitrary code could be\nexecuted as the user running Evolution. (CVE-2008-1108)\n\nNote: the Itip Formatter plug-in, which allows calendar information\n(attachments with a MIME type of \"text/calendar\") to be displayed as part\nof the e-mail message, is enabled by default.\n\nA heap-based buffer overflow flaw was found in the way Evolution parsed\niCalendar attachments with an overly long \"DESCRIPTION\" property string. If\na user responded to a carefully crafted iCalendar attachment in a\nparticular way, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-1109).\n\nThe particular response required to trigger this vulnerability was as\nfollows:\n\n1. Receive the carefully crafted iCalendar attachment.\n2. Accept the associated meeting.\n3. Open the calender the meeting was in.\n4. Reply to the sender.\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\nresponsibly disclosing these issues.\n\nAll Evolution users should upgrade to these updated packages, which contain\nbackported patches which resolves these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0514", url: "https://access.redhat.com/errata/RHSA-2008:0514", }, { category: "external", summary: "http://www.redhat.com/security/updates/classification/#important", url: "http://www.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "448540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448540", }, { category: "external", summary: "448541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448541", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0514.json", }, ], title: "Red Hat Security Advisory: evolution security update", tracking: { current_release_date: "2024-11-22T02:02:55+00:00", generator: { date: "2024-11-22T02:02:55+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0514", initial_release_date: "2008-06-04T10:46:00+00:00", revision_history: [ { date: "2008-06-04T10:46:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-06-04T06:46:22+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:02:55+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product: { name: "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_productivity:5", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client_workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", product: { name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", product_id: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-devel@2.12.3-8.el5_2.2?arch=x86_64", }, }, }, { category: "product_version", name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", product: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", product_id: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-debuginfo@2.12.3-8.el5_2.2?arch=x86_64", }, }, }, { category: "product_version", name: "evolution-0:2.12.3-8.el5_2.2.x86_64", product: { name: "evolution-0:2.12.3-8.el5_2.2.x86_64", product_id: "evolution-0:2.12.3-8.el5_2.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=x86_64", }, }, }, { category: "product_version", name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", product: { name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", product_id: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-help@2.12.3-8.el5_2.2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "evolution-devel-0:2.12.3-8.el5_2.2.i386", product: { name: "evolution-devel-0:2.12.3-8.el5_2.2.i386", product_id: "evolution-devel-0:2.12.3-8.el5_2.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-devel@2.12.3-8.el5_2.2?arch=i386", }, }, }, { category: "product_version", name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", product: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", product_id: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-debuginfo@2.12.3-8.el5_2.2?arch=i386", }, }, }, { category: "product_version", name: "evolution-0:2.12.3-8.el5_2.2.i386", product: { name: "evolution-0:2.12.3-8.el5_2.2.i386", product_id: "evolution-0:2.12.3-8.el5_2.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=i386", }, }, }, { category: "product_version", name: "evolution-help-0:2.12.3-8.el5_2.2.i386", product: { name: "evolution-help-0:2.12.3-8.el5_2.2.i386", product_id: "evolution-help-0:2.12.3-8.el5_2.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-help@2.12.3-8.el5_2.2?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "evolution-0:2.12.3-8.el5_2.2.src", product: { name: "evolution-0:2.12.3-8.el5_2.2.src", product_id: "evolution-0:2.12.3-8.el5_2.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.src", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-0:2.12.3-8.el5_2.2.src", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.src", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.src", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Server-DPAS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Alin Rad Pop", ], organization: "Secunia Research", }, ], cve: "CVE-2008-1108", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2008-05-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "448540", }, ], notes: [ { category: "description", text: "Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.", title: "Vulnerability description", }, { category: "summary", text: "evolution: iCalendar buffer overflow via large timezone specification", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1108", }, { category: "external", summary: "RHBZ#448540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448540", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1108", url: "https://www.cve.org/CVERecord?id=CVE-2008-1108", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1108", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1108", }, ], release_date: "2008-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-06-04T10:46:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0514", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "evolution: iCalendar buffer overflow via large timezone specification", }, { acknowledgments: [ { names: [ "Alin Rad Pop", ], organization: "Secunia Research", }, ], cve: "CVE-2008-1109", discovery_date: "2008-05-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "448541", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", title: "Vulnerability description", }, { category: "summary", text: "evolution: iCalendar buffer overflow via large description parameter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1109", }, { category: "external", summary: "RHBZ#448541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1109", url: "https://www.cve.org/CVERecord?id=CVE-2008-1109", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1109", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1109", }, ], release_date: "2008-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-06-04T10:46:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0514", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "evolution: iCalendar buffer overflow via large description parameter", }, ], }
rhsa-2008:0514
Vulnerability from csaf_redhat
Published
2008-06-04 10:46
Modified
2024-11-22 02:02
Summary
Red Hat Security Advisory: evolution security update
Notes
Topic
Updated evolution packages that fix two buffer overflow vulnerabilities are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.
A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)
Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of "text/calendar") to be displayed as part
of the e-mail message, is enabled by default.
A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long "DESCRIPTION" property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109).
The particular response required to trigger this vulnerability was as
follows:
1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calender the meeting was in.
4. Reply to the sender.
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.
All Evolution users should upgrade to these updated packages, which contain
backported patches which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated evolution packages that fix two buffer overflow vulnerabilities are\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Evolution is the integrated collection of e-mail, calendaring, contact\nmanagement, communications and personal information management (PIM) tools\nfor the GNOME desktop environment.\n\nA flaw was found in the way Evolution parsed iCalendar timezone attachment\ndata. If the Itip Formatter plug-in was disabled and a user opened a mail\nwith a carefully crafted iCalendar attachment, arbitrary code could be\nexecuted as the user running Evolution. (CVE-2008-1108)\n\nNote: the Itip Formatter plug-in, which allows calendar information\n(attachments with a MIME type of \"text/calendar\") to be displayed as part\nof the e-mail message, is enabled by default.\n\nA heap-based buffer overflow flaw was found in the way Evolution parsed\niCalendar attachments with an overly long \"DESCRIPTION\" property string. If\na user responded to a carefully crafted iCalendar attachment in a\nparticular way, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-1109).\n\nThe particular response required to trigger this vulnerability was as\nfollows:\n\n1. Receive the carefully crafted iCalendar attachment.\n2. Accept the associated meeting.\n3. Open the calender the meeting was in.\n4. Reply to the sender.\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\nresponsibly disclosing these issues.\n\nAll Evolution users should upgrade to these updated packages, which contain\nbackported patches which resolves these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0514", url: "https://access.redhat.com/errata/RHSA-2008:0514", }, { category: "external", summary: "http://www.redhat.com/security/updates/classification/#important", url: "http://www.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "448540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448540", }, { category: "external", summary: "448541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448541", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0514.json", }, ], title: "Red Hat Security Advisory: evolution security update", tracking: { current_release_date: "2024-11-22T02:02:55+00:00", generator: { date: "2024-11-22T02:02:55+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0514", initial_release_date: "2008-06-04T10:46:00+00:00", revision_history: [ { date: "2008-06-04T10:46:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-06-04T06:46:22+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:02:55+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product: { name: "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_productivity:5", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client_workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", product: { name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", product_id: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-devel@2.12.3-8.el5_2.2?arch=x86_64", }, }, }, { category: "product_version", name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", product: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", product_id: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-debuginfo@2.12.3-8.el5_2.2?arch=x86_64", }, }, }, { category: "product_version", name: "evolution-0:2.12.3-8.el5_2.2.x86_64", product: { name: "evolution-0:2.12.3-8.el5_2.2.x86_64", product_id: "evolution-0:2.12.3-8.el5_2.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=x86_64", }, }, }, { category: "product_version", name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", product: { name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", product_id: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-help@2.12.3-8.el5_2.2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "evolution-devel-0:2.12.3-8.el5_2.2.i386", product: { name: "evolution-devel-0:2.12.3-8.el5_2.2.i386", product_id: "evolution-devel-0:2.12.3-8.el5_2.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-devel@2.12.3-8.el5_2.2?arch=i386", }, }, }, { category: "product_version", name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", product: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", product_id: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-debuginfo@2.12.3-8.el5_2.2?arch=i386", }, }, }, { category: "product_version", name: "evolution-0:2.12.3-8.el5_2.2.i386", product: { name: "evolution-0:2.12.3-8.el5_2.2.i386", product_id: "evolution-0:2.12.3-8.el5_2.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=i386", }, }, }, { category: "product_version", name: "evolution-help-0:2.12.3-8.el5_2.2.i386", product: { name: "evolution-help-0:2.12.3-8.el5_2.2.i386", product_id: "evolution-help-0:2.12.3-8.el5_2.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution-help@2.12.3-8.el5_2.2?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "evolution-0:2.12.3-8.el5_2.2.src", product: { name: "evolution-0:2.12.3-8.el5_2.2.src", product_id: "evolution-0:2.12.3-8.el5_2.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/evolution@2.12.3-8.el5_2.2?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.src", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-0:2.12.3-8.el5_2.2.src", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.src", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.src as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.src", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-devel-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.i386", relates_to_product_reference: "5Server-DPAS", }, { category: "default_component_of", full_product_name: { name: "evolution-help-0:2.12.3-8.el5_2.2.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", product_id: "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", }, product_reference: "evolution-help-0:2.12.3-8.el5_2.2.x86_64", relates_to_product_reference: "5Server-DPAS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Alin Rad Pop", ], organization: "Secunia Research", }, ], cve: "CVE-2008-1108", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2008-05-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "448540", }, ], notes: [ { category: "description", text: "Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.", title: "Vulnerability description", }, { category: "summary", text: "evolution: iCalendar buffer overflow via large timezone specification", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1108", }, { category: "external", summary: "RHBZ#448540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448540", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1108", url: "https://www.cve.org/CVERecord?id=CVE-2008-1108", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1108", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1108", }, ], release_date: "2008-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-06-04T10:46:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0514", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "evolution: iCalendar buffer overflow via large timezone specification", }, { acknowledgments: [ { names: [ "Alin Rad Pop", ], organization: "Secunia Research", }, ], cve: "CVE-2008-1109", discovery_date: "2008-05-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "448541", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", title: "Vulnerability description", }, { category: "summary", text: "evolution: iCalendar buffer overflow via large description parameter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1109", }, { category: "external", summary: "RHBZ#448541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1109", url: "https://www.cve.org/CVERecord?id=CVE-2008-1109", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1109", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1109", }, ], release_date: "2008-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-06-04T10:46:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0514", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.src", "5Client-Workstation:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client-Workstation:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-0:2.12.3-8.el5_2.2.src", "5Client:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Client:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Client:evolution-help-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.src", "5Server-DPAS:evolution-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-debuginfo-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-devel-0:2.12.3-8.el5_2.2.x86_64", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.i386", "5Server-DPAS:evolution-help-0:2.12.3-8.el5_2.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "evolution: iCalendar buffer overflow via large description parameter", }, ], }
rhsa-2008:0515
Vulnerability from csaf_redhat
Published
2008-06-04 12:49
Modified
2024-11-22 02:03
Summary
Red Hat Security Advisory: evolution28 security update
Notes
Topic
Updated evolution28 packages that address two buffer overflow
vulnerabilities are now available for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.
A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)
Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of "text/calendar") to be displayed as part
of the e-mail message, is enabled by default.
A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long "DESCRIPTION" property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109).
The particular response required to trigger this vulnerability was as
follows:
1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calender the meeting was in.
4. Reply to the sender.
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.
All Evolution users should upgrade to these updated packages, which contain
backported patches which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated evolution28 packages that address two buffer overflow\nvulnerabilities are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Evolution is the integrated collection of e-mail, calendaring, contact\nmanagement, communications and personal information management (PIM) tools\nfor the GNOME desktop environment.\n\nA flaw was found in the way Evolution parsed iCalendar timezone attachment\ndata. If the Itip Formatter plug-in was disabled and a user opened a mail\nwith a carefully crafted iCalendar attachment, arbitrary code could be\nexecuted as the user running Evolution. (CVE-2008-1108)\n\nNote: the Itip Formatter plug-in, which allows calendar information\n(attachments with a MIME type of \"text/calendar\") to be displayed as part\nof the e-mail message, is enabled by default.\n\nA heap-based buffer overflow flaw was found in the way Evolution parsed\niCalendar attachments with an overly long \"DESCRIPTION\" property string. If\na user responded to a carefully crafted iCalendar attachment in a\nparticular way, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-1109).\n\nThe particular response required to trigger this vulnerability was as\nfollows:\n\n1. Receive the carefully crafted iCalendar attachment.\n2. Accept the associated meeting.\n3. Open the calender the meeting was in.\n4. Reply to the sender.\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\nresponsibly disclosing these issues.\n\nAll Evolution users should upgrade to these updated packages, which contain\nbackported patches which resolves these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0515", url: "https://access.redhat.com/errata/RHSA-2008:0515", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "448540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448540", }, { category: "external", summary: "448541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448541", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0515.json", }, ], title: "Red Hat Security Advisory: evolution28 security update", tracking: { current_release_date: "2024-11-22T02:03:01+00:00", generator: { date: "2024-11-22T02:03:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0515", initial_release_date: "2008-06-04T12:49:00+00:00", revision_history: [ { date: "2008-06-04T12:49:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-06-04T08:57:45+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:03:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AS version 4", product: { name: "Red Hat Enterprise Linux AS version 4", product_id: "4AS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::as", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop version 4", product: { name: "Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::desktop", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ES version 4", product: { name: "Red Hat Enterprise Linux ES version 4", product_id: "4ES", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::es", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux WS version 4", product: { name: "Red Hat Enterprise Linux WS version 4", product_id: "4WS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::ws", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=ia64", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=ia64", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.ia64", product: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64", product_id: "evolution28-0:2.8.0-53.el4_6.3.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=ia64", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=x86_64", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=x86_64", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.x86_64", product: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64", product_id: "evolution28-0:2.8.0-53.el4_6.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=i386", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=i386", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.i386", product: { name: "evolution28-0:2.8.0-53.el4_6.3.i386", product_id: "evolution28-0:2.8.0-53.el4_6.3.i386", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.src", product: { name: "evolution28-0:2.8.0-53.el4_6.3.src", product_id: "evolution28-0:2.8.0-53.el4_6.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=ppc", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=ppc", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.ppc", product: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc", product_id: "evolution28-0:2.8.0-53.el4_6.3.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=s390x", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=s390x", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.s390x", product: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x", product_id: "evolution28-0:2.8.0-53.el4_6.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", product: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", product_id: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-debuginfo@2.8.0-53.el4_6.3?arch=s390", }, }, }, { category: "product_version", name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", product: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", product_id: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28-devel@2.8.0-53.el4_6.3?arch=s390", }, }, }, { category: "product_version", name: "evolution28-0:2.8.0-53.el4_6.3.s390", product: { name: "evolution28-0:2.8.0-53.el4_6.3.s390", product_id: "evolution28-0:2.8.0-53.el4_6.3.s390", product_identification_helper: { purl: "pkg:rpm/redhat/evolution28@2.8.0-53.el4_6.3?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.src", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.src", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.src", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.src", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.src", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.src as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.src", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.src", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", }, product_reference: "evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", relates_to_product_reference: "4WS", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Alin Rad Pop", ], organization: "Secunia Research", }, ], cve: "CVE-2008-1108", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2008-05-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "448540", }, ], notes: [ { category: "description", text: "Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.", title: "Vulnerability description", }, { category: "summary", text: "evolution: iCalendar buffer overflow via large timezone specification", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1108", }, { category: "external", summary: "RHBZ#448540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448540", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1108", url: "https://www.cve.org/CVERecord?id=CVE-2008-1108", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1108", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1108", }, ], release_date: "2008-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-06-04T12:49:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0515", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "evolution: iCalendar buffer overflow via large timezone specification", }, { acknowledgments: [ { names: [ "Alin Rad Pop", ], organization: "Secunia Research", }, ], cve: "CVE-2008-1109", discovery_date: "2008-05-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "448541", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", title: "Vulnerability description", }, { category: "summary", text: "evolution: iCalendar buffer overflow via large description parameter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1109", }, { category: "external", summary: "RHBZ#448541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=448541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1109", url: "https://www.cve.org/CVERecord?id=CVE-2008-1109", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1109", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1109", }, ], release_date: "2008-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-06-04T12:49:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0515", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS:evolution28-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-0:2.8.0-53.el4_6.3.src", "4AS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4AS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.src", "4Desktop:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4Desktop:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-0:2.8.0-53.el4_6.3.src", "4ES:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4ES:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-0:2.8.0-53.el4_6.3.src", "4WS:evolution28-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-debuginfo-0:2.8.0-53.el4_6.3.x86_64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.i386", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ia64", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.ppc", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.s390x", "4WS:evolution28-devel-0:2.8.0-53.el4_6.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "evolution: iCalendar buffer overflow via large description parameter", }, ], }
fkie_cve-2008-1109
Vulnerability from fkie_nvd
Published
2008-06-04 20:32
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnome:evolution:2.22.1:*:*:*:*:*:*:*", matchCriteriaId: "DFFCC802-9313-4B56-97A8-9A18F04799DE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", }, { lang: "es", value: "Desbordamiento de Búfer basado en montículo en Evolution 2.22.1 permite a atacantes remotos asistidos por el usuario, ejecutar código arbitrariamente mediante una propiedad DESCRIPTION larga en un adjunto iCalendar, que no es gestionado correctamente durante una respuesta en la vista de calendario (también conocida como ventana de Calendarios).", }, ], id: "CVE-2008-1109", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2008-06-04T20:32:00.000", references: [ { source: "PSIRT-CNA@flexerasoftware.com", url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30298", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://secunia.com/advisories/30527", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://secunia.com/advisories/30564", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://secunia.com/advisories/30571", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://secunia.com/advisories/30702", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://secunia.com/advisories/30716", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-23/advisory/", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://security.gentoo.org/glsa/glsa-200806-06.xml", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.redhat.com/support/errata/RHSA-2008-0514.html", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.redhat.com/support/errata/RHSA-2008-0515.html", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securityfocus.com/bid/29527", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1020170", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.ubuntu.com/usn/usn-615-1", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.vupen.com/english/advisories/2008/1732/references", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30298", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30527", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30564", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30571", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30702", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-23/advisory/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200806-06.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0514.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0515.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29527", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020170", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-615-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1732/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html", }, ], sourceIdentifier: "PSIRT-CNA@flexerasoftware.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-8h38-8v6v-579f
Vulnerability from github
Published
2022-05-01 23:36
Modified
2025-04-09 03:55
Details
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
{ affected: [], aliases: [ "CVE-2008-1109", ], database_specific: { cwe_ids: [ "CWE-119", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2008-06-04T20:32:00Z", severity: "HIGH", }, details: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", id: "GHSA-8h38-8v6v-579f", modified: "2025-04-09T03:55:12Z", published: "2022-05-01T23:36:47Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1109", }, { type: "WEB", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826", }, { type: "WEB", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337", }, { type: "WEB", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html", }, { type: "WEB", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html", }, { type: "WEB", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html", }, { type: "WEB", url: "http://secunia.com/advisories/30298", }, { type: "WEB", url: "http://secunia.com/advisories/30527", }, { type: "WEB", url: "http://secunia.com/advisories/30564", }, { type: "WEB", url: "http://secunia.com/advisories/30571", }, { type: "WEB", url: "http://secunia.com/advisories/30702", }, { type: "WEB", url: "http://secunia.com/advisories/30716", }, { type: "WEB", url: "http://secunia.com/secunia_research/2008-23/advisory", }, { type: "WEB", url: "http://security.gentoo.org/glsa/glsa-200806-06.xml", }, { type: "WEB", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111", }, { type: "WEB", url: "http://www.redhat.com/support/errata/RHSA-2008-0514.html", }, { type: "WEB", url: "http://www.redhat.com/support/errata/RHSA-2008-0515.html", }, { type: "WEB", url: "http://www.securityfocus.com/bid/29527", }, { type: "WEB", url: "http://www.securitytracker.com/id?1020170", }, { type: "WEB", url: "http://www.ubuntu.com/usn/usn-615-1", }, { type: "WEB", url: "http://www.vupen.com/english/advisories/2008/1732/references", }, ], schema_version: "1.4.0", severity: [], }
opensuse-su-2024:10743-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
evolution-3.40.4-1.4 on GA media
Notes
Title of the patch
evolution-3.40.4-1.4 on GA media
Description of the patch
These are all security issues fixed in the evolution-3.40.4-1.4 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10743
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "evolution-3.40.4-1.4 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the evolution-3.40.4-1.4 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10743", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10743-1.json", }, { category: "self", summary: "SUSE CVE CVE-2008-1108 page", url: "https://www.suse.com/security/cve/CVE-2008-1108/", }, { category: "self", summary: "SUSE CVE CVE-2008-1109 page", url: "https://www.suse.com/security/cve/CVE-2008-1109/", }, { category: "self", summary: "SUSE CVE CVE-2018-15587 page", url: "https://www.suse.com/security/cve/CVE-2018-15587/", }, ], title: "evolution-3.40.4-1.4 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10743-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "evolution-3.40.4-1.4.aarch64", product: { name: "evolution-3.40.4-1.4.aarch64", product_id: "evolution-3.40.4-1.4.aarch64", }, }, { category: "product_version", name: "evolution-devel-3.40.4-1.4.aarch64", product: { name: "evolution-devel-3.40.4-1.4.aarch64", product_id: "evolution-devel-3.40.4-1.4.aarch64", }, }, { category: "product_version", name: "evolution-lang-3.40.4-1.4.aarch64", product: { name: "evolution-lang-3.40.4-1.4.aarch64", product_id: "evolution-lang-3.40.4-1.4.aarch64", }, }, { category: "product_version", name: "evolution-plugin-bogofilter-3.40.4-1.4.aarch64", product: { name: "evolution-plugin-bogofilter-3.40.4-1.4.aarch64", product_id: "evolution-plugin-bogofilter-3.40.4-1.4.aarch64", }, }, { category: "product_version", name: "evolution-plugin-pst-import-3.40.4-1.4.aarch64", product: { name: "evolution-plugin-pst-import-3.40.4-1.4.aarch64", product_id: "evolution-plugin-pst-import-3.40.4-1.4.aarch64", }, }, { category: "product_version", name: "evolution-plugin-spamassassin-3.40.4-1.4.aarch64", product: { name: "evolution-plugin-spamassassin-3.40.4-1.4.aarch64", product_id: "evolution-plugin-spamassassin-3.40.4-1.4.aarch64", }, }, { category: "product_version", name: "evolution-plugin-text-highlight-3.40.4-1.4.aarch64", product: { name: "evolution-plugin-text-highlight-3.40.4-1.4.aarch64", product_id: "evolution-plugin-text-highlight-3.40.4-1.4.aarch64", }, }, { category: "product_version", name: "glade-catalog-evolution-3.40.4-1.4.aarch64", product: { name: "glade-catalog-evolution-3.40.4-1.4.aarch64", product_id: "glade-catalog-evolution-3.40.4-1.4.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "evolution-3.40.4-1.4.ppc64le", product: { name: "evolution-3.40.4-1.4.ppc64le", product_id: "evolution-3.40.4-1.4.ppc64le", }, }, { category: "product_version", name: "evolution-devel-3.40.4-1.4.ppc64le", product: { name: "evolution-devel-3.40.4-1.4.ppc64le", product_id: "evolution-devel-3.40.4-1.4.ppc64le", }, }, { category: "product_version", name: "evolution-lang-3.40.4-1.4.ppc64le", product: { name: "evolution-lang-3.40.4-1.4.ppc64le", product_id: "evolution-lang-3.40.4-1.4.ppc64le", }, }, { category: "product_version", name: "evolution-plugin-bogofilter-3.40.4-1.4.ppc64le", product: { name: "evolution-plugin-bogofilter-3.40.4-1.4.ppc64le", product_id: "evolution-plugin-bogofilter-3.40.4-1.4.ppc64le", }, }, { category: "product_version", name: "evolution-plugin-pst-import-3.40.4-1.4.ppc64le", product: { name: "evolution-plugin-pst-import-3.40.4-1.4.ppc64le", product_id: "evolution-plugin-pst-import-3.40.4-1.4.ppc64le", }, }, { category: "product_version", name: "evolution-plugin-spamassassin-3.40.4-1.4.ppc64le", product: { name: "evolution-plugin-spamassassin-3.40.4-1.4.ppc64le", product_id: "evolution-plugin-spamassassin-3.40.4-1.4.ppc64le", }, }, { category: "product_version", name: "evolution-plugin-text-highlight-3.40.4-1.4.ppc64le", product: { name: "evolution-plugin-text-highlight-3.40.4-1.4.ppc64le", product_id: "evolution-plugin-text-highlight-3.40.4-1.4.ppc64le", }, }, { category: "product_version", name: "glade-catalog-evolution-3.40.4-1.4.ppc64le", product: { name: "glade-catalog-evolution-3.40.4-1.4.ppc64le", product_id: "glade-catalog-evolution-3.40.4-1.4.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "evolution-3.40.4-1.4.s390x", product: { name: "evolution-3.40.4-1.4.s390x", product_id: "evolution-3.40.4-1.4.s390x", }, }, { category: "product_version", name: "evolution-devel-3.40.4-1.4.s390x", product: { name: "evolution-devel-3.40.4-1.4.s390x", product_id: "evolution-devel-3.40.4-1.4.s390x", }, }, { category: "product_version", name: "evolution-lang-3.40.4-1.4.s390x", product: { name: "evolution-lang-3.40.4-1.4.s390x", product_id: "evolution-lang-3.40.4-1.4.s390x", }, }, { category: "product_version", name: "evolution-plugin-bogofilter-3.40.4-1.4.s390x", product: { name: "evolution-plugin-bogofilter-3.40.4-1.4.s390x", product_id: "evolution-plugin-bogofilter-3.40.4-1.4.s390x", }, }, { category: "product_version", name: "evolution-plugin-pst-import-3.40.4-1.4.s390x", product: { name: "evolution-plugin-pst-import-3.40.4-1.4.s390x", product_id: "evolution-plugin-pst-import-3.40.4-1.4.s390x", }, }, { category: "product_version", name: "evolution-plugin-spamassassin-3.40.4-1.4.s390x", product: { name: "evolution-plugin-spamassassin-3.40.4-1.4.s390x", product_id: "evolution-plugin-spamassassin-3.40.4-1.4.s390x", }, }, { category: "product_version", name: "evolution-plugin-text-highlight-3.40.4-1.4.s390x", product: { name: "evolution-plugin-text-highlight-3.40.4-1.4.s390x", product_id: "evolution-plugin-text-highlight-3.40.4-1.4.s390x", }, }, { category: "product_version", name: "glade-catalog-evolution-3.40.4-1.4.s390x", product: { name: "glade-catalog-evolution-3.40.4-1.4.s390x", product_id: "glade-catalog-evolution-3.40.4-1.4.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "evolution-3.40.4-1.4.x86_64", product: { name: "evolution-3.40.4-1.4.x86_64", product_id: "evolution-3.40.4-1.4.x86_64", }, }, { category: "product_version", name: "evolution-devel-3.40.4-1.4.x86_64", product: { name: "evolution-devel-3.40.4-1.4.x86_64", product_id: "evolution-devel-3.40.4-1.4.x86_64", }, }, { category: "product_version", name: "evolution-lang-3.40.4-1.4.x86_64", product: { name: "evolution-lang-3.40.4-1.4.x86_64", product_id: "evolution-lang-3.40.4-1.4.x86_64", }, }, { category: "product_version", name: "evolution-plugin-bogofilter-3.40.4-1.4.x86_64", product: { name: "evolution-plugin-bogofilter-3.40.4-1.4.x86_64", product_id: "evolution-plugin-bogofilter-3.40.4-1.4.x86_64", }, }, { category: "product_version", name: "evolution-plugin-pst-import-3.40.4-1.4.x86_64", product: { name: "evolution-plugin-pst-import-3.40.4-1.4.x86_64", product_id: "evolution-plugin-pst-import-3.40.4-1.4.x86_64", }, }, { category: "product_version", name: "evolution-plugin-spamassassin-3.40.4-1.4.x86_64", product: { name: "evolution-plugin-spamassassin-3.40.4-1.4.x86_64", product_id: "evolution-plugin-spamassassin-3.40.4-1.4.x86_64", }, }, { category: "product_version", name: "evolution-plugin-text-highlight-3.40.4-1.4.x86_64", product: { name: "evolution-plugin-text-highlight-3.40.4-1.4.x86_64", product_id: "evolution-plugin-text-highlight-3.40.4-1.4.x86_64", }, }, { category: "product_version", name: "glade-catalog-evolution-3.40.4-1.4.x86_64", product: { name: "glade-catalog-evolution-3.40.4-1.4.x86_64", product_id: "glade-catalog-evolution-3.40.4-1.4.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "evolution-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64", }, product_reference: "evolution-3.40.4-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le", }, product_reference: "evolution-3.40.4-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-3.40.4-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x", }, product_reference: "evolution-3.40.4-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64", }, product_reference: "evolution-3.40.4-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64", }, product_reference: "evolution-devel-3.40.4-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le", }, product_reference: "evolution-devel-3.40.4-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-3.40.4-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x", }, product_reference: "evolution-devel-3.40.4-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-devel-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64", }, product_reference: "evolution-devel-3.40.4-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-lang-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64", }, product_reference: "evolution-lang-3.40.4-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-lang-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le", }, product_reference: "evolution-lang-3.40.4-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-lang-3.40.4-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x", }, product_reference: "evolution-lang-3.40.4-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-lang-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64", }, product_reference: "evolution-lang-3.40.4-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-bogofilter-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64", }, product_reference: "evolution-plugin-bogofilter-3.40.4-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-bogofilter-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le", }, product_reference: "evolution-plugin-bogofilter-3.40.4-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-bogofilter-3.40.4-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x", }, product_reference: "evolution-plugin-bogofilter-3.40.4-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-bogofilter-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64", }, product_reference: "evolution-plugin-bogofilter-3.40.4-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-pst-import-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64", }, product_reference: "evolution-plugin-pst-import-3.40.4-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-pst-import-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le", }, product_reference: "evolution-plugin-pst-import-3.40.4-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-pst-import-3.40.4-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x", }, product_reference: "evolution-plugin-pst-import-3.40.4-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-pst-import-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64", }, product_reference: "evolution-plugin-pst-import-3.40.4-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-spamassassin-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64", }, product_reference: "evolution-plugin-spamassassin-3.40.4-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-spamassassin-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le", }, product_reference: "evolution-plugin-spamassassin-3.40.4-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-spamassassin-3.40.4-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x", }, product_reference: "evolution-plugin-spamassassin-3.40.4-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-spamassassin-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64", }, product_reference: "evolution-plugin-spamassassin-3.40.4-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-text-highlight-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64", }, product_reference: "evolution-plugin-text-highlight-3.40.4-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-text-highlight-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le", }, product_reference: "evolution-plugin-text-highlight-3.40.4-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-text-highlight-3.40.4-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x", }, product_reference: "evolution-plugin-text-highlight-3.40.4-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "evolution-plugin-text-highlight-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64", }, product_reference: "evolution-plugin-text-highlight-3.40.4-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glade-catalog-evolution-3.40.4-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64", }, product_reference: "glade-catalog-evolution-3.40.4-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glade-catalog-evolution-3.40.4-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le", }, product_reference: "glade-catalog-evolution-3.40.4-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glade-catalog-evolution-3.40.4-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x", }, product_reference: "glade-catalog-evolution-3.40.4-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glade-catalog-evolution-3.40.4-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64", }, product_reference: "glade-catalog-evolution-3.40.4-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2008-1108", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2008-1108", }, ], notes: [ { category: "general", text: "Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2008-1108", url: "https://www.suse.com/security/cve/CVE-2008-1108", }, { category: "external", summary: "SUSE Bug 394641 for CVE-2008-1108", url: "https://bugzilla.suse.com/394641", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2008-1108", }, { cve: "CVE-2008-1109", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2008-1109", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2008-1109", url: "https://www.suse.com/security/cve/CVE-2008-1109", }, { category: "external", summary: "SUSE Bug 394641 for CVE-2008-1109", url: "https://bugzilla.suse.com/394641", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2008-1109", }, { cve: "CVE-2018-15587", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-15587", }, ], notes: [ { category: "general", text: "GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-15587", url: "https://www.suse.com/security/cve/CVE-2018-15587", }, { category: "external", summary: "SUSE Bug 1125230 for CVE-2018-15587", url: "https://bugzilla.suse.com/1125230", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-devel-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-lang-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-bogofilter-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-pst-import-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-spamassassin-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.s390x", "openSUSE Tumbleweed:evolution-plugin-text-highlight-3.40.4-1.4.x86_64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.aarch64", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.ppc64le", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.s390x", "openSUSE Tumbleweed:glade-catalog-evolution-3.40.4-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-15587", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.