Two critical bugs in Evolution
Evolution, the GNOME desktop's standard email client and personal information manager, contains two security vulnerabilities which can apparently be exploited to inject and execute code on a system. According to Secunia, there is a time zone string parsing bug in the processing of iCalendar appointment attachments that could lead to a buffer overflow. However, for this to happen the ITip Formatter plugin must be deactivated. In addition, a heap overflow can occur when replying to iCalendar requests if the DESCRIPTION field of an attachment is too long. However, this attack is apparently only possible while the victim is in calendar view.
The bugs were found in version 2.22.1, but previous versions are probably also vulnerable. No update has yet been posted on the official web site, but some Linux distributors have already released updated packages. Alternatively, Secunia recommends that users not open emails from untrusted sources. Security-conscious users are advised not to use Evolution until further notice.
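One way to pre-screen iCalendar attachments for the oversized DESCRIPTION and time zone fields described above before a mail client opens them. This is an added example, not code from Evolution, Secunia or the original article; the 1024-character limit, the function names and the sample data are assumptions, and the article does not state the sizes that trigger the overflows.

```python
import re

# Assumed screening limit; the article gives no size at which the overflows trigger.
MAX_VALUE_LEN = 1024
WATCHED = {"DESCRIPTION", "TZID"}  # property names checked by value length

def unfold(text):
    """Undo RFC 5545 folding: a line break followed by space/tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", text).splitlines()

def split_content_line(line):
    """Split 'NAME;PARAM=V:value' into (name, params, value), honouring quoted params."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            head, value = line[:i], line[i + 1:]
            break
    else:
        return None  # no unquoted colon: not a content line
    name, *raw_params = re.split(r';(?=(?:[^"]*"[^"]*")*[^"]*$)', head)
    params = {}
    for p in raw_params:
        k, _, v = p.partition("=")
        params[k.upper()] = v.strip('"')
    return name.upper(), params, value

def oversized_fields(ics_text, limit=MAX_VALUE_LEN):
    """Return (unfolded line number, field, length) for each field over the limit."""
    findings = []
    for n, line in enumerate(unfold(ics_text), 1):
        parsed = split_content_line(line)
        if parsed is None:
            continue
        name, params, value = parsed
        if name in WATCHED and len(value) > limit:
            findings.append((n, name, len(value)))
        tz = params.get("TZID")  # time zone reference carried as a parameter
        if tz is not None and len(tz) > limit:
            findings.append((n, name + ";TZID", len(tz)))
    return findings

# Constructed sample attachment, not taken from any real message.
SAMPLE = "\r\n".join(["BEGIN:VEVENT",
    "DTSTART;TZID=" + "Z" * 2000 + ":20080605T100000",
    "DESCRIPTION:" + "A" * 60, " " + "A" * 3000,  # second item is a folded line
    "END:VEVENT"])
```

Lengths are measured after unfolding, so a long value split across many short folded lines is still counted in full.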
See also:
- Evolution iCalendar Timezone Buffer Overflow, Secunia security advisory
- Evolution iCalendar "DESCRIPTION" Property Buffer Overflow, Secunia security advisory
- evolution security update, Red Hat security advisory
(mba)