Amazon Linux 2 Security Advisory: ALAS2-2025-2833
Advisory Released Date: 2025-04-16
Advisory Updated Date: 2025-04-16
Severity:
Medium
Issue Overview:
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value. (CVE-2020-11879)
Affected Packages:
evolution
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update evolution to update your system.
New Packages:
aarch64:
evolution-3.28.5-10.amzn2.0.3.aarch64
evolution-devel-3.28.5-10.amzn2.0.3.aarch64
evolution-bogofilter-3.28.5-10.amzn2.0.3.aarch64
evolution-spamassassin-3.28.5-10.amzn2.0.3.aarch64
evolution-pst-3.28.5-10.amzn2.0.3.aarch64
evolution-debuginfo-3.28.5-10.amzn2.0.3.aarch64
i686:
evolution-3.28.5-10.amzn2.0.3.i686
evolution-devel-3.28.5-10.amzn2.0.3.i686
evolution-bogofilter-3.28.5-10.amzn2.0.3.i686
evolution-spamassassin-3.28.5-10.amzn2.0.3.i686
evolution-pst-3.28.5-10.amzn2.0.3.i686
evolution-debuginfo-3.28.5-10.amzn2.0.3.i686
noarch:
evolution-devel-docs-3.28.5-10.amzn2.0.3.noarch
evolution-langpacks-3.28.5-10.amzn2.0.3.noarch
evolution-help-3.28.5-10.amzn2.0.3.noarch
src:
evolution-3.28.5-10.amzn2.0.3.src
x86_64:
evolution-3.28.5-10.amzn2.0.3.x86_64
evolution-devel-3.28.5-10.amzn2.0.3.x86_64
evolution-bogofilter-3.28.5-10.amzn2.0.3.x86_64
evolution-spamassassin-3.28.5-10.amzn2.0.3.x86_64
evolution-pst-3.28.5-10.amzn2.0.3.x86_64
evolution-debuginfo-3.28.5-10.amzn2.0.3.x86_64