GLSA-200501-35 : Evolution: Integer overflow in camel-lock-helper
High Nessus Plugin ID 16426
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200501-35 (Evolution: Integer overflow in camel-lock-helper)
Max Vozeler discovered an integer overflow in the camel-lock-helper application, which is installed as setgid mail by default.
A local attacker could exploit this vulnerability to execute malicious code with the privileges of the 'mail' group. A remote attacker could also setup a malicious POP server to execute arbitrary code when an Evolution user connects to it.
There is no known workaround at this time.
SolutionAll Evolution users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/evolution-2.0.2-r1'