Vulnerability Bulletins |
Denegación de servicio en Evolution sobre Mandriva |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Denegación de Servicio |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | Evolution |
Description |
|
|
Se ha descubierto una vulnerabilidad en Evolution, sobre Mandriva Linux 2006.0. La vulnerabilidad reside en un error al mostrar ciertas imágenes si la opción "Load images if sender is in address book" está activada en Edit | Preferences | Mail Preferences | HTML. Un atacante remoto podría causar una denegación de servicio mediante una imagen especialmente diseñada. |
|
Solution |
|
|
Actualización de software Mandriva Mandrivalinux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/evolution-2.2.3-10.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/evolution-devel-2.2.3-10.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/evolution-pilot-2.2.3-10.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/evolution-2.2.3-10.1.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/evolution-2.2.3-10.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/evolution-devel-2.2.3-10.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/evolution-pilot-2.2.3-10.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/evolution-2.2.3-10.1.20060mdk.src.rpm |
|
Standar resources |
|
| Property | Value |
| CVE | |
| BID | |
Other resources |
|
|
Bugzilla - Bug 311440 – Crashes on particular e-mail http://bugzilla.gnome.org/show_bug.cgi?id=311440 Mandriva Security Advisory (MDKSA-2006:094) http://www.mandriva.com/security/advisories?name=MDKSA-2006:094 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-06-02 |