View Full Version : USN-475-1: evolution-data-server vulnerability

June 26th, 2007, 10:30 PM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-475-1 June 21, 2007 evolution-data-server vulnerability CVE-2007-3257 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libcamel1.2-8 1.6.1-0ubuntu7.1 Ubuntu 6.10: libcamel1.2-8 1.8.1-0ubuntu5.1 Ubuntu 7.04: libcamel1.2-10 1.10.1-0ubuntu1.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Philip Van Hoof discovered that the IMAP client in Evolution did not correctly verify the SEQUENCE value. A malicious or spoofed server could exploit this to execute arbitrary code with user privileges.

More... (http://www.ubuntu.com/usn/usn-475-1)