Mandrake Linux Security Advisory : evolution (MDKSA-2005:141)
High Nessus Plugin ID 19898
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
Multiple format string vulnerabilities in Evolution 1.5 through 220.127.116.11 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. (CVE-2005-2549)
A format string vulnerability in Evolution 1.4 through 18.104.22.168 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. (CVE-2005-2550)
Solution
Update the affected evolution, evolution-devel and / or evolution-pilot packages.