Red Hat has updates to the Evolution rpms to address these vulnerabilities. See the following post to the redhat-watch-list:
https://listman.redhat.com/pipermail/redhat-watch-list/2003-March/000650.html

Before anybody shoots the messenger (me) ... other distros probably either already have updates or soon will. Check your favorite distro news site or repository if you're interested.

Mike

On Thu, Mar 20, 2003 at 10:57:59AM -0500, Mike Broome wrote:
> Three vulnerabilities in Evolution have been found:
>
> * transparent decoding of uuencoded attachments; by including a
>   specially crafted UUE header as part of an otherwise perfectly normal
>   email an attacker has the ability to crash Evolution as soon as the
>   mail is parsed
>
> * resource starvation (exhausting memory) when processing uuencoded
>   mail content multiple times
>
> * with a specially crafted MIME Content-ID header as part of an image/*
>   MIME part, it is possible to include arbitrary data, including HTML
>   tags, into the stream that is passed to GTKHtml for rendering
>
> Here's the link to the full advisory
>
> http://www.securityfocus.com/advisories/5134
>
>
> Mike

--
Mike Broome
mbroome(at)employees.org

_______________________________________________
TriLUG mailing list
http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ: http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
