Rapid7 Vulnerability & Exploit Database

RHSA-2003:264: Updated gtkhtml packages fix vulnerability

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 09/17/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated gtkhtml packages that fix a null pointer dereference are now available.

GtkHTML is the HTML rendering widget used by the Evolution mail reader. Versions of GtkHTML prior to 1.1.10 contain a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash due to a null pointer dereference in the GtkHTML library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0541 to this issue. Users of Evolution are advised to upgrade to these erratum packages, which contain GtkHTML version 1.1.10 correcting this issue. Red Hat would like to thank the Ximian security team for investigating and fixing this issue.

Solution(s)

  • redhat-upgrade-gtkhtml
  • redhat-upgrade-gtkhtml-devel
