Max Vozeler discovered an integer overflow in the helper application camel-lock-helper which runs setuid root or setgid mail inside of Evolution, a free groupware suite. A local attacker can cause the setuid root helper to execute arbitrary code with elevated privileges via a malicious POP server. This is public already.
Message by NotZed: http://lists.ximian.com/archives/public/evolution-patches/2005-January/008672.html
CVS commit: http://cvs.gnome.org/viewcvs/evolution/camel/camel-lock-helper.c?rev=1.7&hideattic=0&view=log
Created attachment 49262: CAN-2005-0102.patch
Alastair/Mike please provide an updated ebuild.
There are two new ebuilds that include the patch - 2.0.2-r1 and 2.0.3-r1. Currently, the keywords for evolution are as follows:
evolution-2.0.2.ebuild:KEYWORDS="x86 amd64 ppc sparc hppa ia64 ~mips alpha"
evolution-2.0.2-r1.ebuild:KEYWORDS="x86 ~amd64 ppc ~sparc ~hppa ~ia64 ~mips ~alpha"
evolution-2.0.3.ebuild:KEYWORDS="~x86 ~amd64 ~ppc ~sparc ~hppa ~ia64 ~mips ~alpha"
evolution-2.0.3-r1.ebuild:KEYWORDS="~x86 ~amd64 ~ppc ~sparc ~hppa ~ia64 ~mips ~alpha"
If all archs could please mark evolution-2.0.2-r1 stable now, and move to evolution-2.0.3-r1 as per usual.
Opening bug. Arches please test and mark stable.
Closing again. Calling individual testers in a moment.
Sorry for the arch noise. This is still only semi-public. Arches please test and mark 2.0.2-r1 stable:
amd64 -> slarti
sparc -> gustavoz
hppa -> gmsoft
ia64 -> agriffis
alpha -> kloeri
AMD64 done, thanks.
[ebuild NS ] mail-client/evolution-2.0.3-r1 +crypt -debug -doc -ipv6 -kerberos +ldap +mozilla -nntp -pda +spell +ssl 0 kB
Fails to build here with
 * Scanning for a open DISPLAY to start Xvfb ...
 *
 * Unable to start Xvfb.
 *
 * '/usr/X11R6/bin/Xvfb :17 -screen 0 800x600x24' returns:
 * /var/cvsroot/gentoo-x86//eclass/virtualx.eclass: line 71: /usr/X11R6/bin/Xvfb: No such file or directory
 *
 * If possible, correct the above error and try your emerge again.
 * --------------------------------------------------------------------
I do not have or use framebuffer support. Adding liquidx@ to the CC: as he is the listed maintainer.
Removing liquidx. According to Obz he's no longer maintaining this. Obz please update metadata.xml and advise on current ebuild.
Solar, see bug 76251, regarding USE="minimal" xorg-x11 installs; somehow I missed it because it's assigned to azarah.
Ccing DerCorny for the GLSA draft
Public, since Ubuntu leaked it.
2.0.2-r1 stable on sparc. Sorry for the delay, but I usually lack X access to sparc during weekends.
Alpha stable.
GLSA 200501-35 hppa/ia64: please mark stable to benefit from GLSA. Thanks to DerCorny for the draft.
Already stable on hppa. ebuild no longer in portage.