- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-4429-1
July 22, 2020
evolution-data-server vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Evolution Data Server could be made to expose sensitive information over
the network.
Software Description:
– evolution-data-server: Evolution suite data server
Details:
It was discovered that Evolution Data Server incorrectly handled STARTTLS
when using SMTP and POP3. A remote attacker could possibly use this issue
to perform a response injection attack.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
evolution-data-server 3.36.3-0ubuntu1.1
evolution-data-server-common 3.36.3-0ubuntu1.1
libcamel-1.2-62 3.36.3-0ubuntu1.1
libebackend-1.2-10 3.36.3-0ubuntu1.1
libedataserver-1.2-24 3.36.3-0ubuntu1.1
Ubuntu 18.04 LTS:
evolution-data-server 3.28.5-0ubuntu0.18.04.3
evolution-data-server-common 3.28.5-0ubuntu0.18.04.3
libcamel-1.2-61 3.28.5-0ubuntu0.18.04.3
libebackend-1.2-10 3.28.5-0ubuntu0.18.04.3
libedataserver-1.2-23 3.28.5-0ubuntu0.18.04.3
Ubuntu 16.04 LTS:
evolution-data-server 3.18.5-1ubuntu1.3
evolution-data-server-common 3.18.5-1ubuntu1.3
libcamel-1.2-54 3.18.5-1ubuntu1.3
libebackend-1.2-10 3.18.5-1ubuntu1.3
libedataserver-1.2-21 3.18.5-1ubuntu1.3
After a standard system update you need to restart your session to make
all the necessary changes.
References:
https://usn.ubuntu.com/4429-1
CVE-2020-14928
Package Information:
https://launchpad.net/ubuntu/+source/evolution-data-server/3.36.3-0ubuntu1.1
https://launchpad.net/ubuntu/+source/evolution-data-server/3.28.5-0ubuntu0.18.04.3
https://launchpad.net/ubuntu/+source/evolution-data-server/3.18.5-1ubuntu1.3
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl8YTDEACgkQZWnYVadE
vpNFbg/+N+yMwZyd7Pe+4PJfOJHLSZ3EXjkl2T00WxlRU2NY3BD2lBloDZ0C72jp
UdSyoG7N3xyXTjeZ2epL6dk+nA5AklQRuZZrTbMWfcLmwimT+Vb/8k3+TkWJGLmp
IwdHBUrxXTMg0rsnD5Qvf9s8wp4SUZ4hwVDhQBR94ohID63luppMVChYGbimkoGT
azdZ9cTysZ+hBFolSM51TvgOBq8a8aJGo+ta/8uIs/NyTGJEIMuEDzwAcpufaA6C
USb8UXo0z+bnzK2HVti+kTGEw3Uewzj1cKu8noyryVQgPDHUC9Q6gQtNoA7LUoGM
o7Xyj3Yf6rvyvbBRdjjKGZPHwpdeCbxC/SOH+iMYqib+MpCxNW8xf1iheDMxDQLM
1YokQ6/L02wa6pijPJSFMPgrLhPF/gkBKHaPAXk4yjmczkSokkXK6APoAz+hXTBC
VvD3hrNDLapTjcLRnmDC5CQrDlst8ny2hSOIt1f33v2RsI3q2dHKzI8u/QQR74CY
pMjbb5jlNXesMfUIi3gzEHjnxpYjyBdivf9NmRjAaIenuZndT149h+JkA92n7fpt
9QVPMjcbluCIf2puVAgIP/5rCykAeV8/HwokEt+6hMULQX30QfqFnlQs2poXjPgv
JUF99k9gSCAbwTFv9nchP3/uN0gkwAkoxmfRE1fp9jrKRE9jF6g=
=aUZ8
—–END PGP SIGNATURE—–
—
| Autor | Filip Omazic |
| Cert id | NCERT-REF-2020-07-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
