You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa evolution-data-server

Sigurnosni nedostatak programskog paketa evolution-data-server

==========================================================================
Ubuntu Security Notice USN-4429-1
July 22, 2020

evolution-data-server vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Evolution Data Server could be made to expose sensitive information over
the network.

Software Description:
– evolution-data-server: Evolution suite data server

Details:

It was discovered that Evolution Data Server incorrectly handled STARTTLS
when using SMTP and POP3. A remote attacker could possibly use this issue
to perform a response injection attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
evolution-data-server 3.36.3-0ubuntu1.1
evolution-data-server-common 3.36.3-0ubuntu1.1
libcamel-1.2-62 3.36.3-0ubuntu1.1
libebackend-1.2-10 3.36.3-0ubuntu1.1
libedataserver-1.2-24 3.36.3-0ubuntu1.1

Ubuntu 18.04 LTS:
evolution-data-server 3.28.5-0ubuntu0.18.04.3
evolution-data-server-common 3.28.5-0ubuntu0.18.04.3
libcamel-1.2-61 3.28.5-0ubuntu0.18.04.3
libebackend-1.2-10 3.28.5-0ubuntu0.18.04.3
libedataserver-1.2-23 3.28.5-0ubuntu0.18.04.3

Ubuntu 16.04 LTS:
evolution-data-server 3.18.5-1ubuntu1.3
evolution-data-server-common 3.18.5-1ubuntu1.3
libcamel-1.2-54 3.18.5-1ubuntu1.3
libebackend-1.2-10 3.18.5-1ubuntu1.3
libedataserver-1.2-21 3.18.5-1ubuntu1.3

After a standard system update you need to restart your session to make
all the necessary changes.

References:
https://usn.ubuntu.com/4429-1
CVE-2020-14928

Package Information:
https://launchpad.net/ubuntu/+source/evolution-data-server/3.36.3-0ubuntu1.1
https://launchpad.net/ubuntu/+source/evolution-data-server/3.28.5-0ubuntu0.18.04.3
https://launchpad.net/ubuntu/+source/evolution-data-server/3.18.5-1ubuntu1.3

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl8YTDEACgkQZWnYVadE
vpNFbg/+N+yMwZyd7Pe+4PJfOJHLSZ3EXjkl2T00WxlRU2NY3BD2lBloDZ0C72jp
UdSyoG7N3xyXTjeZ2epL6dk+nA5AklQRuZZrTbMWfcLmwimT+Vb/8k3+TkWJGLmp
IwdHBUrxXTMg0rsnD5Qvf9s8wp4SUZ4hwVDhQBR94ohID63luppMVChYGbimkoGT
azdZ9cTysZ+hBFolSM51TvgOBq8a8aJGo+ta/8uIs/NyTGJEIMuEDzwAcpufaA6C
USb8UXo0z+bnzK2HVti+kTGEw3Uewzj1cKu8noyryVQgPDHUC9Q6gQtNoA7LUoGM
o7Xyj3Yf6rvyvbBRdjjKGZPHwpdeCbxC/SOH+iMYqib+MpCxNW8xf1iheDMxDQLM
1YokQ6/L02wa6pijPJSFMPgrLhPF/gkBKHaPAXk4yjmczkSokkXK6APoAz+hXTBC
VvD3hrNDLapTjcLRnmDC5CQrDlst8ny2hSOIt1f33v2RsI3q2dHKzI8u/QQR74CY
pMjbb5jlNXesMfUIi3gzEHjnxpYjyBdivf9NmRjAaIenuZndT149h+JkA92n7fpt
9QVPMjcbluCIf2puVAgIP/5rCykAeV8/HwokEt+6hMULQX30QfqFnlQs2poXjPgv
JUF99k9gSCAbwTFv9nchP3/uN0gkwAkoxmfRE1fp9jrKRE9jF6g=
=aUZ8
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa cacti-spine

Otkriven je sigurnosni nedostatak u programskom paketu cacti-spine za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje SQL injection...

Close