RHEL 4 / 5 : evolution (RHSA-2008:0177)
Medium Nessus Plugin ID 31389
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Evolution is the GNOME collection of personal information management (PIM) tools.
A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072)
All users of Evolution should upgrade to these updated packages, which contain a backported patch that resolves this issue.
Red Hat would like to thank Ulf Harnhammar of Secunia Research for finding and reporting this issue.
Solution
Update the affected packages.