PDA

View Full Version : USN-475-1: evolution-data-server vulnerability



rss-bot
June 26th, 2007, 10:30 PM
Referenced CVEs:
CVE-2007-3257


Description:
================================================== ========= Ubuntu Security Notice USN-475-1 June 21, 2007 evolution-data-server vulnerability CVE-2007-3257 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libcamel1.2-8 1.6.1-0ubuntu7.1 Ubuntu 6.10: libcamel1.2-8 1.8.1-0ubuntu5.1 Ubuntu 7.04: libcamel1.2-10 1.10.1-0ubuntu1.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Philip Van Hoof discovered that the IMAP client in Evolution did not correctly verify the SEQUENCE value. A malicious or spoofed server could exploit this to execute arbitrary code with user privileges.





More... (http://www.ubuntu.com/usn/usn-475-1)