FreeBSD : evolution -- remote format string vulnerabilities (e5afdf63-1746-11da-978e-0001020eed82)
High Nessus Plugin ID 21526
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionA SITIC Vulnerability Advisory reports :
Evolution suffers from several format string bugs when handling data from remote sources. These bugs lead to crashes or the execution of arbitrary assembly language code.
- The first format string bug occurs when viewing the full vCard data attached to an e-mail message.
- The second format string bug occurs when displaying contact data from remote LDAP servers.
- The third format string bug occurs when displaying task list data from remote servers.
- The fourth, and least serious, format string bug occurs when the user goes to the Calendars tab to save task list data that is vulnerable to problem 3 above. Other calendar entries that do not come from task lists are also affected.
SolutionUpdate the affected package.