Scientific Linux Security Update : evolution on SL5.x i386/x86_64
High Nessus Plugin ID 60418
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionA flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108)
Note: the Itip Formatter plug-in, which allows calendar information (attachments with a MIME type of 'text/calendar') to be displayed as part of the e-mail message, is enabled by default.
A heap-based buffer overflow flaw was found in the way Evolution parsed iCalendar attachments with an overly long 'DESCRIPTION' property string. If a user responded to a carefully crafted iCalendar attachment in a particular way, arbitrary code could be executed as the user running Evolution. (CVE-2008-1109).
SolutionUpdate the affected evolution, evolution-devel and / or evolution-help packages.