Red Hat released an update for Evolution. It fixes several vulnerabilities that can be exploited to compromise a vulnerable system.
Red Hat Security Response Team.
RHSA-2005:267-10
Red Hat Enterprise Linux AS 3 | Evolution | < 1.4.5
Red Hat Enterprise Linux AS 4 | Evolution | < 2.0.2
Red Hat Enterprise Linux ES 3 | Evolution | < 1.4.5
Red Hat Enterprise Linux ES 4 | Evolution | < 2.0.2
Red Hat Enterprise Linux WS 3 | Evolution | < 1.4.5
Red Hat Enterprise Linux WS 4 | Evolution | < 2.0.2
Red Hat released an update for Evolution. It fixes several vulnerabilities that can be exploited by malicious people to compromise a vulnerable system.
Ulf Harnhammar found several format string vulnerabilities in Evolution. By tricking a user into viewing a malicious vCard attached to an e-mail, malicious contact data from an LDAP server, or malicious task lists from remote servers, or into saving malicious task lists in the calendar, an attacker could execute arbitrary code with the privileges of the user running Evolution.
See:
Multiple format string vulnerabilities in GNOME Evolution
System access.
Apply the updated packages, which are available from the Red Hat site.
http://rhn.redhat.com/
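To confirm that a host has the update applied, the following added example (not part of the original advisory) classifies an installed Evolution version-release against the fixed builds this advisory distributes: evolution-1.4.5-16 for the v. 3 products and evolution-2.0.2-16.3 for the v. 4 products. The function names are hypothetical, and the comparison assumes purely numeric version-release fields, as in those builds.

```shell
#!/bin/sh
# Added example: is the installed Evolution build at or above the fixed build?

# fixed_build VERSION-RELEASE: print the fixed build for that branch
# (values taken from the advisory: 1.4.5-16 and 2.0.2-16.3).
fixed_build() {
    case "$1" in
        1.*) echo "1.4.5-16" ;;
        2.*) echo "2.0.2-16.3" ;;
        *)   return 1 ;;
    esac
}

# ver_lt A B: succeed when A orders before B. Fields separated by "." or "-"
# are compared numerically; a missing field counts as 0.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%[.-]*}; fb=${b%%[.-]*}
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 1
        case "$a" in *[.-]*) a=${a#*[.-]} ;; *) a= ;; esac
        case "$b" in *[.-]*) b=${b#*[.-]} ;; *) b= ;; esac
    done
    return 1
}

# evolution_status VERSION-RELEASE: print "patched", "vulnerable" or "unknown".
# Non-numeric strings and branches the advisory does not cover are "unknown",
# so a malformed value is never reported as patched.
evolution_status() {
    case "$1" in *[!0-9.-]*) echo "unknown"; return 0 ;; esac
    fixed=$(fixed_build "$1") || { echo "unknown"; return 0; }
    if ver_lt "$1" "$fixed"; then echo "vulnerable"; else echo "patched"; fi
}

# On an RPM-based host, check the installed package (skipped if absent).
if command -v rpm >/dev/null 2>&1 &&
   vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' evolution 2>/dev/null); then
    echo "evolution $vr: $(evolution_status "$vr")"
fi
```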
More information.
http://rhn.redhat.com/
The Coordinación de Seguridad de la Información/UNAM-CERT thanks the following for their support in preparing or translating and reviewing this document:
UNAM-CERT
Equipo de Respuesta a Incidentes UNAM
Coordinación de Seguridad de la Información
incidentes at seguridad.unam.mx
phishing at seguridad.unam.mx
http://www.cert.org.mx
http://www.seguridad.unam.mx
ftp://ftp.seguridad.unam.mx
Tel: 56 22 81 69
Fax: 56 22 80 47