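GNOME Evolution Encrypted Message Format String Vulnerability
Published: 2008-03-05
Updated: 2008-03-06
Affected systems:
GNOME Evolution 2.12.3
Description:
BUGTRAQ ID: 28102
CVE(CAN) ID: CVE-2008-0072
Evolution is a personal and workgroup information management solution for Linux and Unix operating systems that integrates email, calendar, meeting scheduling, and contact management.
The emf_multipart_encrypted() function in Evolution's mail/em-format.c file has a format string vulnerability when displaying fields such as "Version:" of an encrypted mail message. If a user is tricked into opening a specially crafted mail message, this can lead to arbitrary code execution.
<*Source: Ulf Harnhammar (ulfh@update.uu.se)
Links: http://secunia.com/secunia_research/2008-8/advisory/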
http://security.gentoo.org/glsa/glsa-200803-12.xml
https://www.redhat.com/support/errata/RHSA-2008-0177.html
https://www.redhat.com/support/errata/RHSA-2008-0178.html
http://www.debian.org/security/2008/dsa-1512
*>
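The bug class described above, shown from the defender's side as an added example that is not code from Evolution or from this advisory: a field taken from a message must only ever be passed as an argument to a constant format string, and a simple scan can flag a "Version:" value that carries printf-style directives. The function names and the sample message parts are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (comment only, never compiled):
 *     snprintf(out, outlen, value);   // message data used as the format
 * Hardened pattern: constant format, message data passed as an argument. */
int render_field(char *out, size_t outlen, const char *name, const char *value)
{
    return snprintf(out, outlen, "%s: %s", name, value);
}

/* Count printf-style conversion directives on one line of untrusted text.
 * "%%" is a literal percent sign and is not counted. Heuristic for triage. */
int count_format_directives(const char *s)
{
    int n = 0;
    while (*s && *s != '\r' && *s != '\n') {
        if (*s++ != '%') continue;
        if (*s == '%') { s++; continue; }
        s += strspn(s, "#0- +'");                 /* flags */
        s += strspn(s, "0123456789*$");           /* width or positional index */
        if (*s == '.') { s++; s += strspn(s, "0123456789*$"); }
        s += strspn(s, "hlLqjzt");                /* length modifiers */
        if (*s && strchr("diouxXeEfFgGaAcspn", *s)) { n++; s++; }
    }
    return n;
}

/* Directive count in the "Version:" field of a message part (0 if absent). */
int version_field_directives(const char *part)
{
    const char *v = strstr(part, "Version:");
    if (!v) return 0;
    v += strlen("Version:");
    return count_format_directives(v + strspn(v, " \t"));
}

/* Constructed samples: control part of a multipart/encrypted message. */
const char SAMPLE_BENIGN[]  = "Version: 1\r\n";
const char SAMPLE_SUSPECT[] = "Version: %x.%x.%s\r\n";

int main(void)
{
    char line[64];
    render_field(line, sizeof line, "Version", "%x.%x.%s");
    printf("%s\nbenign=%d suspect=%d\n", line,
           version_field_directives(SAMPLE_BENIGN),
           version_field_directives(SAMPLE_SUSPECT));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes the compiler report calls where a non-literal string is used as the format.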
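Recommendations:
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-1512-1) and corresponding patches for this issue:
DSA-1512-1: New evolution packages fix arbitrary code execution
Link: http://www.debian.org/security/2008/dsa-1512
Patch downloads: see the package list in the Debian advisory linked above.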
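Patch installation:
1. Install the patch package manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch package automatically with apt-get:
First, update the internal package database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade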
RedHat
------
RedHat has released security advisories (RHSA-2008:0177-01/RHSA-2008:0178-01) and corresponding patches for this issue:
RHSA-2008:0177-01: Critical: evolution security update
Link: https://www.redhat.com/support/errata/RHSA-2008-0177.html
RHSA-2008:0178-01: Critical: evolution security update
Link: https://www.redhat.com/support/errata/RHSA-2008-0178.html
Gentoo
------
Gentoo has released a security advisory (GLSA-200803-12) and corresponding patches for this issue:
GLSA-200803-12: Evolution: Format string vulnerability
Link: http://security.gentoo.org/glsa/glsa-200803-12.xml
All Evolution users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/evolution-2.12.3-r1"
