Vulnerabilities > CVE-2008-1108 - Buffer Errors vulnerability in Gnome Evolution 2.2.1

CVSS 7.6 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

high complexity

gnome

CWE-119

nessus

NVD

Published: 2008-06-04

Updated: 2017-09-29

Summary

Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.

Vulnerable Configurations

Part	Description	Count
Application	Gnome Gnome Evolution 2.2.1	1

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2008-111.NASL
description	Alan Rad Pop of Secunia Research discovered the following two vulnerabilities in Evolution : Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the Itip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or potentially execute arbitrary code with the user
last seen	2020-06-01
modified	2020-06-02
plugin id	37236
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/37236
title	Mandriva Linux Security Advisory : evolution (MDVSA-2008:111)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0517.NASL
description	Updated evolution packages that address a buffer overflow vulnerability are now available for Red Hat Enterprise Linux 4.5 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If mail which included a carefully crafted iCalendar attachment was opened, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108) Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. All users of Evolution should upgrade to these updated packages, which contains a backported patch which resolves this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	63856
published	2013-01-24
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/63856
title	RHEL 4 : evolution (RHSA-2008:0517)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0516.NASL
description	From Red Hat Security Advisory 2008:0516 : Updated evolution packages that address a buffer overflow vulnerability are now available for Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If mail which included a carefully crafted iCalendar attachment was opened, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108) Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. All users of Evolution should upgrade to these updated packages, which contains a backported patch which resolves this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	67705
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67705
title	Oracle Linux 3 / 4 : evolution (ELSA-2008-0516)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0515.NASL
description	Updated evolution28 packages that address two buffer overflow vulnerabilities are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108) Note: the Itip Formatter plug-in, which allows calendar information (attachments with a MIME type of
last seen	2020-06-01
modified	2020-06-02
plugin id	33110
published	2008-06-09
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33110
title	CentOS 4 : evolution28 (CESA-2008:0515)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-5016.NASL
description	Fix two buffer overflows in iCalendar .ics file fromat support discovered and reported by Alin Rad Pop of the Secunia Research: CVE-2008-1108, CVE-2008-1109, SA30298 See referenced bugzilla bugs or Secunia advisories for further details: http://secunia.com/advisories/30298 http://secunia.com/secunia_research/2008-22/advisory/ http://secunia.com/secunia_research/2008-23/advisory/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	33115
published	2008-06-09
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33115
title	Fedora 8 : evolution-2.12.3-5.fc8 (2008-5016)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-4990.NASL
description	Fix two buffer overflows in iCalendar .ics file fromat support discovered and reported by Alin Rad Pop of the Secunia Research: CVE-2008-1108, CVE-2008-1109, SA30298 See referenced bugzilla bugs or Secunia advisories for further details: http://secunia.com/advisories/30298 http://secunia.com/secunia_research/2008-22/advisory/ http://secunia.com/secunia_research/2008-23/advisory/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	33113
published	2008-06-09
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33113
title	Fedora 9 : evolution-2.22.2-2.fc9 (2008-4990)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200806-06.NASL
description	The remote host is affected by the vulnerability described in GLSA-200806-06 (Evolution: User-assisted execution of arbitrary code) Alin Rad Pop (Secunia Research) reported two vulnerabilities in Evolution: A boundary error exists when parsing overly long timezone strings contained within iCalendar attachments and when the ITip formatter is disabled (CVE-2008-1108). A boundary error exists when replying to an iCalendar request with an overly long
last seen	2020-06-01
modified	2020-06-02
plugin id	33203
published	2008-06-18
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33203
title	GLSA-200806-06 : Evolution: User-assisted execution of arbitrary code

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-615-1.NASL
description	Alin Rad Pop of Secunia Research discovered that Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the ITip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or possibly execute code with user privileges. Note that the ITip Formatter plugin is enabled by default in Ubuntu. (CVE-2008-1108) Alin Rad Pop of Secunia Research discovered that Evolution did not properly validate the DESCRIPTION field when processing iCalendar attachments. If a user were tricked into accepting a crafted iCalendar attachment and replied to it from the calendar window, an attacker code cause a denial of service or execute code with user privileges. (CVE-2008-1109) Matej Cepl discovered that Evolution did not properly validate date fields when processing iCalendar attachments. If a user disabled the ITip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service. Note that the ITip Formatter plugin is enabled by default in Ubuntu. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	33124
published	2008-06-09
reporter	Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33124
title	Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : evolution vulnerabilities (USN-615-1)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0516.NASL
description	Updated evolution packages that address a buffer overflow vulnerability are now available for Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If mail which included a carefully crafted iCalendar attachment was opened, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108) Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. All users of Evolution should upgrade to these updated packages, which contains a backported patch which resolves this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	33111
published	2008-06-09
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33111
title	CentOS 3 / 4 : evolution (CESA-2008:0516)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20080604_EVOLUTION28_ON_SL4_6.NASL
description	A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108) Note: the Itip Formatter plug-in, which allows calendar information (attachments with a MIME type of
last seen	2020-06-01
modified	2020-06-02
plugin id	60416
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60416
title	Scientific Linux Security Update : evolution28 on SL4.6 i386/x86_64

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0515.NASL
description	Updated evolution28 packages that address two buffer overflow vulnerabilities are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108) Note: the Itip Formatter plug-in, which allows calendar information (attachments with a MIME type of
last seen	2020-06-01
modified	2020-06-02
plugin id	33097
published	2008-06-05
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33097
title	RHEL 4 : evolution28 (RHSA-2008:0515)

NASL family	SuSE Local Security Checks
NASL id	SUSE_EVOLUTION-5326.NASL
description	Multiple buffer overflows have been fixed in evolution. CVE-2008-1108 and CVE-2008-1109 have been assigned to this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	33193
published	2008-06-16
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33193
title	openSUSE 10 Security Update : evolution (evolution-5326)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-5018.NASL
description	Fix two buffer overflows in iCalendar .ics file fromat support discovered and reported by Alin Rad Pop of the Secunia Research: CVE-2008-1108, CVE-2008-1109, SA30298 See referenced bugzilla bugs or Secunia advisories for further details: http://secunia.com/advisories/30298 http://secunia.com/secunia_research/2008-22/advisory/ http://secunia.com/secunia_research/2008-23/advisory/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	33116
published	2008-06-09
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33116
title	Fedora 7 : evolution-2.10.3-10.fc7 (2008-5018)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0514.NASL
description	Updated evolution packages that fix two buffer overflow vulnerabilities are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108) Note: the Itip Formatter plug-in, which allows calendar information (attachments with a MIME type of
last seen	2020-06-01
modified	2020-06-02
plugin id	43691
published	2010-01-06
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43691
title	CentOS 5 : evolution (CESA-2008:0514)

NASL family	SuSE Local Security Checks
NASL id	SUSE_EVOLUTION-5327.NASL
description	Multiple buffer overflows have been fixed in evolution. CVE-2008-1108 / CVE-2008-1109 have been assigned to this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	33194
published	2008-06-16
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33194
title	SuSE 10 Security Update : evolution (ZYPP Patch Number 5327)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0514.NASL
description	Updated evolution packages that fix two buffer overflow vulnerabilities are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108) Note: the Itip Formatter plug-in, which allows calendar information (attachments with a MIME type of
last seen	2020-06-01
modified	2020-06-02
plugin id	33086
published	2008-06-04
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33086
title	RHEL 5 : evolution (RHSA-2008:0514)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0515.NASL
description	From Red Hat Security Advisory 2008:0515 : Updated evolution28 packages that address two buffer overflow vulnerabilities are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108) Note: the Itip Formatter plug-in, which allows calendar information (attachments with a MIME type of
last seen	2020-06-01
modified	2020-06-02
plugin id	67704
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67704
title	Oracle Linux 4 : evolution28 (ELSA-2008-0515)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0516.NASL
description	Updated evolution packages that address a buffer overflow vulnerability are now available for Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If mail which included a carefully crafted iCalendar attachment was opened, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108) Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. All users of Evolution should upgrade to these updated packages, which contains a backported patch which resolves this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	33098
published	2008-06-05
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33098
title	RHEL 3 / 4 : evolution (RHSA-2008:0516)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20080604_EVOLUTION_ON_SL5_X.NASL
description	A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108) Note: the Itip Formatter plug-in, which allows calendar information (attachments with a MIME type of
last seen	2020-06-01
modified	2020-06-02
plugin id	60418
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60418
title	Scientific Linux Security Update : evolution on SL5.x i386/x86_64

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20080604_EVOLUTION_ON_SL3_X.NASL
description	A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If mail which included a carefully crafted iCalendar attachment was opened, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108)
last seen	2020-06-01
modified	2020-06-02
plugin id	60417
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60417
title	Scientific Linux Security Update : evolution on SL3.x, SL4.x i386/x86_64

Oval

accepted

2013-04-29T04:05:56.860-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.

family

unix

oval:org.mitre.oval:def:10471

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.

version

Redhat

advisories

bugzilla

id	448540
title	CVE-2008-1108 evolution: iCalendar buffer overflow via large timezone specification

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment evolution-devel is earlier than 0:2.0.2-35.0.4.el4_6.2
oval oval:com.redhat.rhsa:tst:20080516001
comment evolution-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20070353002
AND
comment evolution is earlier than 0:2.0.2-35.0.4.el4_6.2
oval oval:com.redhat.rhsa:tst:20080516003
comment evolution is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20070353004

rhsa

id	RHSA-2008:0516
released	2008-06-04
severity	Critical
title	RHSA-2008:0516: evolution security update (Critical)

rhsa
id RHSA-2008:0514
rhsa
id RHSA-2008:0515
rhsa
id RHSA-2008:0517

rpms

evolution-0:2.12.3-8.el5_2.2
evolution-debuginfo-0:2.12.3-8.el5_2.2
evolution-devel-0:2.12.3-8.el5_2.2
evolution-help-0:2.12.3-8.el5_2.2
evolution28-0:2.8.0-53.el4_6.3
evolution28-debuginfo-0:2.8.0-53.el4_6.3
evolution28-devel-0:2.8.0-53.el4_6.3
evolution-0:1.4.5-22.el3
evolution-0:2.0.2-35.0.4.el4_6.2
evolution-debuginfo-0:1.4.5-22.el3
evolution-debuginfo-0:2.0.2-35.0.4.el4_6.2
evolution-devel-0:1.4.5-22.el3
evolution-devel-0:2.0.2-35.0.4.el4_6.2
evolution-0:2.0.2-35.0.4.el4_5.2
evolution-debuginfo-0:2.0.2-35.0.4.el4_5.2
evolution-devel-0:2.0.2-35.0.4.el4_5.2

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Oval

Redhat

References