Intrusion Prevention

GNOME.Evolution.Inline.XML.File.Attachment.Buffer.Overflow

Description

The cairo library (libcairo), as used in GNOME Evolution and possibly other products, has a buffer overflow vulnerability. A remote attacker could cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body.
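
As a mail-gateway check for the condition described above, the following added example (not part of the original advisory or of any vendor signature) flags text parts marked "Content-Disposition: inline" whose decoded body contains an overlong line. The 998-character threshold is an assumption taken from the RFC 5322 line limit, since the advisory gives no length; the function names and the sample message are constructed for illustration.

```python
import email
from email import policy

# Assumption: the advisory gives no length for a "very long line", so the
# RFC 5322 maximum line length (998 characters) is used as the threshold.
MAX_LINE = 998

def longest_line(text):
    return max((len(line) for line in text.splitlines()), default=0)

def suspicious_inline_parts(raw_bytes, max_line=MAX_LINE):
    """Return [(filename, longest_line_length)] for inline text parts
    whose decoded body contains a line longer than max_line."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        if part.get_content_disposition() != "inline":
            continue
        try:
            # get_content() undoes base64 / quoted-printable first, so an
            # encoded long line is measured at its decoded length.
            body = part.get_content()
        except LookupError:  # unknown charset label: fall back to raw bytes
            body = part.get_payload(decode=True).decode("latin-1")
        length = longest_line(body)
        if length > max_line:
            hits.append((part.get_filename() or "<unnamed>", length))
    return hits

def build_sample(line_len):
    # Constructed sample message (not captured traffic): one ordinary text
    # part plus one inline text attachment with a single line of line_len.
    return (
        b"From: a@example.test\r\nTo: b@example.test\r\n"
        b"Subject: sample\r\nMIME-Version: 1.0\r\n"
        b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        b"--b1\r\nContent-Type: text/plain; charset=us-ascii\r\n\r\nhello\r\n"
        b'--b1\r\nContent-Type: text/plain; charset=us-ascii; name="notes.txt"\r\n'
        b'Content-Disposition: inline; filename="notes.txt"\r\n\r\n'
        + b"A" * line_len + b"\r\n--b1--\r\n"
    )

if __name__ == "__main__":
    print(suspicious_inline_parts(build_sample(5000)))
```

Messages flagged this way can be quarantined or have the part's disposition rewritten before delivery to unpatched clients.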

Affected Products

GNOME Evolution 2.3.7
GNOME Evolution 2.3.6.1
GNOME Evolution 2.3.6
GNOME Evolution 2.3.5
GNOME Evolution 2.3.4
GNOME Evolution 2.3.3
GNOME Evolution 2.3.2
GNOME Evolution 2.3.1
GNOME Evolution 2.2.3

Impact

Denial of service.

Recommended Actions

Upgrade to the latest version of GNOME Evolution, available from the Web site.
Mandriva lib64cairo2-1.0.0-8.1.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://wwwnew.mandriva.com/en/downloads/
Mandriva lib64cairo2-devel-1.0.0-8.1.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://wwwnew.mandriva.com/en/downloads/
Mandriva lib64cairo2-static-devel-1.0.0-8.1.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://wwwnew.mandriva.com/en/downloads/
Mandriva libcairo2-1.0.0-8.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads/
Mandriva libcairo2-devel-1.0.0-8.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads/
Mandriva libcairo2-static-devel-1.0.0-8.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads/

CVE References

CVE-2006-0528