______________________________________________________________________ Mandrake Linux Security Update Advisory ______________________________________________________________________ Package name: evolution Advisory ID: MDKSA-2003:045 Date: April 15th, 2003 Affected versions: 9.0, 9.1 ______________________________________________________________________ Problem Description: Several vulnerabilities were discovered in the Evolution email client. These problems make it possible for a carefully constructed email message to crash the program, causing general system instability by starving resources. ______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0130 ______________________________________________________________________ Updated Packages: Mandrake Linux 9.0: 4017fce554fd77f98e0d9bb233d633d1 9.0/RPMS/evolution-1.0.8-3.1mdk.i586.rpm 6bca540121a25581c3406ec0b7395da3 9.0/RPMS/evolution-pilot-1.0.8-3.1mdk.i586.rpm a0f94f81909464a35106a1160b26da04 9.0/RPMS/libevolution0-1.0.8-3.1mdk.i586.rpm 9f7ffdb41787bd97b9e26499f3ad450b 9.0/RPMS/libevolution0-devel-1.0.8-3.1mdk.i586.rpm 2617a839bcd46a13a94a9b503152980d 9.0/SRPMS/evolution-1.0.8-3.1mdk.src.rpm Mandrake Linux 9.1: b4e86a65afa57dd4968c1ef8c3ba6b70 9.1/RPMS/evolution-1.2.4-1.1mdk.i586.rpm b244e928c223e91e4722585b04c3f879 9.1/RPMS/evolution-pilot-1.2.4-1.1mdk.i586.rpm a67811e02cc04481617b528149046b99 9.1/RPMS/libevolution0-1.2.4-1.1mdk.i586.rpm 3af2441bcdc1899c54ee74b6674ca696 9.1/RPMS/libevolution0-devel-1.2.4-1.1mdk.i586.rpm 2e12234f74a5c87b46da7542f9af8da5 9.1/SRPMS/evolution-1.2.4-1.1mdk.src.rpm Mandrake Linux 9.1/PPC: e42479764a609b975755a7bcc3f4b921 ppc/9.1/RPMS/evolution-1.2.4-1.1mdk.ppc.rpm 38f45195f20c78fb68d694bfc8acc9b3 ppc/9.1/RPMS/evolution-pilot-1.2.4-1.1mdk.ppc.rpm 5fc381b620484c57987cc20c0181a3e3 ppc/9.1/RPMS/libevolution0-1.2.4-1.1mdk.ppc.rpm 4edf8acf04219ab72339f4786e690d06 ppc/9.1/RPMS/libevolution0-devel-1.2.4-1.1mdk.ppc.rpm 2e12234f74a5c87b46da7542f9af8da5 ppc/9.1/SRPMS/evolution-1.2.4-1.1mdk.src.rpm ______________________________________________________________________ Bug IDs fixed (see https://qa.mandrakesoft.com for more information): ______________________________________________________________________ To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command: rpm --checksig All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team from: https://www.mandrakesecure.net/RPM-GPG-KEYS Please be aware that sometimes it takes the mirrors a few hours to update. You can view other update advisories for Mandrake Linux at: http://www.mandrakesecure.net/en/advisories/ MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting: http://www.mandrakesecure.net/en/mlist.php If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team ______________________________________________________________________ Mandrake Linux Security Update Advisory ______________________________________________________________________ Package name: gtkhtml Advisory ID: MDKSA-2003:046 Date: April 15th, 2003 Affected versions: 9.1 ______________________________________________________________________ Problem Description: A vulnerability in GtkHTML was discovered by Alan Cox with the Evolution email client. GtkHTML is used to handle HTML messages in Evolution and certain malformed messages could cause Evolution to crash due to this bug. ______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0133 ______________________________________________________________________ Updated Packages: Mandrake Linux 9.1: 0d70ee8b14894ca33b7861a72b0475d0 9.1/RPMS/gtkhtml-1.1.10-2.1mdk.i586.rpm cfe7ed73a2dbda67027ae098c7ff4c30 9.1/RPMS/libgtkhtml1.1_3-1.1.10-2.1mdk.i586.rpm ccf63beed4742e7a094998ed9462ef2d 9.1/RPMS/libgtkhtml1.1_3-devel-1.1.10-2.1mdk.i586.rpm 7af29a0d5de7a701f99b2eeb35b60129 9.1/SRPMS/gtkhtml-1.1.10-2.1mdk.src.rpm Mandrake Linux 9.1/PPC: 7b18625abf51ac3379ac808491532987 ppc/9.1/RPMS/gtkhtml-1.1.10-2.1mdk.ppc.rpm 9d1e27cfc17c805f6b1fb5ed7798d33b ppc/9.1/RPMS/libgtkhtml1.1_3-1.1.10-2.1mdk.ppc.rpm aea147d9be293b64768f93f225c2fa3a ppc/9.1/RPMS/libgtkhtml1.1_3-devel-1.1.10-2.1mdk.ppc.rpm 7af29a0d5de7a701f99b2eeb35b60129 ppc/9.1/SRPMS/gtkhtml-1.1.10-2.1mdk.src.rpm ______________________________________________________________________ Bug IDs fixed (see https://qa.mandrakesoft.com for more information): ______________________________________________________________________ To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command: rpm --checksig All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team from: https://www.mandrakesecure.net/RPM-GPG-KEYS Please be aware that sometimes it takes the mirrors a few hours to update. You can view other update advisories for Mandrake Linux at: http://www.mandrakesecure.net/en/advisories/ MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting: http://www.mandrakesecure.net/en/mlist.php If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
Mandarke Linux Advisories: evolution, gtkhtml
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis