Thomas Kristensen discovered a bitmap file that would cause the Evolution mail reader to crash. This issue was caused by a flaw that affects versions of the gdk-pixbuf package prior to 0.20. To exmploit this a remote attacker could send via email a carefully crafted BMP file to a victim which would cause Evolution to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0111 to this issue. Note: In Red Hat Enterprise Linux 3, Evolution does not use the standalone gdk-pixbuf package and is not subject to this issue, however other applications that may use gdk-pixbuf are still affected. Embargoed until March 10 2004 Will upgrade to gdk-pixbuf > 0.20
Note that Evolution is not shipped for for Red Hat Linux 2.1, therefore exploitation would require some other package that relies on gdk-pixbuf to be run. Errata in progress, due to low risk may be delayed until after March 10th.
removing embargo
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-103.html