Moderate: openchange security, bug fix and enhancement update
| Advisory: | RHSA-2013:0515-2 |
|---|---|
| Type: | Security Advisory |
| Severity: | Moderate |
| Issued on: | 2013-02-21 |
| Last updated on: | 2013-02-21 |
| Affected Products: | Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Workstation (v. 6) |
| CVEs (cve.mitre.org): |
CVE-2012-1182 |
Details
Updated openchange packages that fix one security issue, several bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
The openchange packages provide libraries to access Microsoft Exchange
servers using native protocols. Evolution-MAPI uses these libraries to
integrate the Evolution PIM application with Microsoft Exchange servers.
A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)
compiler. As OpenChange uses code generated by PIDL, this could have
resulted in buffer overflows in the way OpenChange handles RPC calls. With
this update, the code has been generated with an updated version of PIDL to
correct this issue. (CVE-2012-1182)
The openchange packages have been upgraded to upstream version 1.0, which
provides a number of bug fixes and enhancements over the previous version,
including support for the rebased samba4 packages and several API changes.
(BZ#767672, BZ#767678)
This update also fixes the following bugs:
* When the user tried to modify a meeting with one required attendee and
himself as the organizer, a segmentation fault occurred in the memcpy()
function. Consequently, the evolution-data-server application terminated
unexpectedly with a segmentation fault. This bug has been fixed and
evolution-data-server no longer crashes in the described scenario.
(BZ#680061)
* Prior to this update, OpenChange 1.0 was unable to send messages with
a large message body or with extensive attachment. This was caused by minor
issues in OpenChange's exchange.idl definitions. This bug has been fixed
and OpenChange now sends extensive messages without complications.
(BZ#870405)
All users of openchange are advised to upgrade to these updated packages,
which fix these issues and add these enhancements.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
Updated packages
| Red Hat Enterprise Linux Desktop (v. 6) | |
| SRPMS: | |
| evolution-mapi-0.28.3-12.el6.src.rpm | MD5: 8859858ee02aa9270b2df9edddc19d95 SHA-256: 6138325ea19290bbbbd50910a48c3fe825c3016033b898069db254c399feb56e |
| openchange-1.0-4.el6.src.rpm | MD5: 64c4a4cced51062ca2a3daaafad25e1a SHA-256: 8a15cd94db17b9078b73269588e65abf8581ca893f2b07bec1b3998b3502cb38 |
| IA-32: | |
| evolution-mapi-0.28.3-12.el6.i686.rpm | MD5: 2fc7e21cf054a33856d29c0daaef4bf4 SHA-256: 953d7ba4455432f4532999e7c6fa2c718fcb6a1339d7b33ae2c28323e606e38c |
| evolution-mapi-debuginfo-0.28.3-12.el6.i686.rpm | MD5: 3fb65d224b7867a7ac74e3f7b992512e SHA-256: 547e4e665e28eba57304b6026b5103bc2ff2ed28a9bb7c56ebeeac9f65b7eb3a |
| evolution-mapi-devel-0.28.3-12.el6.i686.rpm | MD5: 2467fe4f7790727c469511855d52ea57 SHA-256: 5591e155b95c8cb143f26d9fd03b3c4555522ac59f55877fff5428a01d688a40 |
| openchange-1.0-4.el6.i686.rpm | MD5: ee82af6ab74c67c6b2b3fea50d4e9adf SHA-256: cd3ed246c81ef37958a1d34361989f7092d6fd0cecbca49ec7bfffc86bf6fc01 |
| openchange-client-1.0-4.el6.i686.rpm | MD5: 02eaaf523982a7a8af2783c840e9512c SHA-256: aaae575c87c46cba5ed0fa64d9411eef43a28f84e63c28d49990c1bb6f261003 |
| openchange-debuginfo-1.0-4.el6.i686.rpm | MD5: 85dec1b480c708a66804e01fa27285ae SHA-256: a8c81bad6104af526dbbf9d209a295b9b4a66df30b69067d4ee41f1a67155e4a |
| openchange-devel-1.0-4.el6.i686.rpm | MD5: a3b8d9df4e6ecb7a80c1793caa8aaaf0 SHA-256: 4933ad5c2efa97b14ee37ac710b4020266f6c87baf705d23f826fff272aaa0a7 |
| openchange-devel-docs-1.0-4.el6.i686.rpm | MD5: bc890f4557ea2d48583b08d724eed3e2 SHA-256: 612df9a1bb3c7296b36049404b61fff39a631ec34be324891658d9b8979b4f6f |
| x86_64: | |
| evolution-mapi-0.28.3-12.el6.x86_64.rpm | MD5: 8d1f5efd44cea69e91f9031a0e603f32 SHA-256: c431730511b8c0d145841d2123c491a12c82d22d6de6c0e6d4df4585694fac60 |
| evolution-mapi-debuginfo-0.28.3-12.el6.x86_64.rpm | MD5: 83281f13cee065ca6162c3ea1d5d9a6c SHA-256: 17f93b47582874ae0eebdcc282fcdfa9ead63055fa1edbd28ed5ea98cfb35fb3 |
| evolution-mapi-devel-0.28.3-12.el6.x86_64.rpm | MD5: fbd5856cff8eeae039380931c77e8020 SHA-256: 97f5588cacc9c50cbbade333b47727eace04dce1335594699a8e0b1b99bea78b |
| openchange-1.0-4.el6.x86_64.rpm | MD5: 207f9c13377faddb84106d3e3b697be6 SHA-256: 4f4b5e5485ea766e8a20f57b8d62ba93bd7c31915cad3e08e59ad18e15e3c19d |
| openchange-client-1.0-4.el6.x86_64.rpm | MD5: d44fca2504937cdadba545761ce8ac55 SHA-256: 6ac83e63cec780ad9e3ef2d1e9e2510dffe78b9c6353c89d8709f909f0cb8b32 |
| openchange-debuginfo-1.0-4.el6.x86_64.rpm | MD5: 3954107f5b4c24f8ce5f78cd8ef8d28c SHA-256: fbc92d7c5ed8dce3805623d49243a82b954c35a78050acadaf5c253f5df37588 |
| openchange-devel-1.0-4.el6.x86_64.rpm | MD5: 40ef7007ba99acd084bb267b6de146fe SHA-256: 5a8ac8634fd79c7a0600c0b4ccdd9562d8198f4550a250ed01aed0db8ec0fdaf |
| openchange-devel-docs-1.0-4.el6.x86_64.rpm | MD5: 5abcc54fe2ea283c63ee2bda74e7163a SHA-256: fdad1a195cd61fd8e9eb1c7fcfd8d5d27ecf179187ede21e6516882bcde49882 |
| Red Hat Enterprise Linux Server (v. 6) | |
| SRPMS: | |
| evolution-mapi-0.28.3-12.el6.src.rpm | MD5: 8859858ee02aa9270b2df9edddc19d95 SHA-256: 6138325ea19290bbbbd50910a48c3fe825c3016033b898069db254c399feb56e |
| openchange-1.0-4.el6.src.rpm | MD5: 64c4a4cced51062ca2a3daaafad25e1a SHA-256: 8a15cd94db17b9078b73269588e65abf8581ca893f2b07bec1b3998b3502cb38 |
| IA-32: | |
| evolution-mapi-0.28.3-12.el6.i686.rpm | MD5: 2fc7e21cf054a33856d29c0daaef4bf4 SHA-256: 953d7ba4455432f4532999e7c6fa2c718fcb6a1339d7b33ae2c28323e606e38c |
| evolution-mapi-debuginfo-0.28.3-12.el6.i686.rpm | MD5: 3fb65d224b7867a7ac74e3f7b992512e SHA-256: 547e4e665e28eba57304b6026b5103bc2ff2ed28a9bb7c56ebeeac9f65b7eb3a |
| evolution-mapi-devel-0.28.3-12.el6.i686.rpm | MD5: 2467fe4f7790727c469511855d52ea57 SHA-256: 5591e155b95c8cb143f26d9fd03b3c4555522ac59f55877fff5428a01d688a40 |
| openchange-1.0-4.el6.i686.rpm | MD5: ee82af6ab74c67c6b2b3fea50d4e9adf SHA-256: cd3ed246c81ef37958a1d34361989f7092d6fd0cecbca49ec7bfffc86bf6fc01 |
| openchange-client-1.0-4.el6.i686.rpm | MD5: 02eaaf523982a7a8af2783c840e9512c SHA-256: aaae575c87c46cba5ed0fa64d9411eef43a28f84e63c28d49990c1bb6f261003 |
| openchange-debuginfo-1.0-4.el6.i686.rpm | MD5: 85dec1b480c708a66804e01fa27285ae SHA-256: a8c81bad6104af526dbbf9d209a295b9b4a66df30b69067d4ee41f1a67155e4a |
| openchange-devel-1.0-4.el6.i686.rpm | MD5: a3b8d9df4e6ecb7a80c1793caa8aaaf0 SHA-256: 4933ad5c2efa97b14ee37ac710b4020266f6c87baf705d23f826fff272aaa0a7 |
| openchange-devel-docs-1.0-4.el6.i686.rpm | MD5: bc890f4557ea2d48583b08d724eed3e2 SHA-256: 612df9a1bb3c7296b36049404b61fff39a631ec34be324891658d9b8979b4f6f |
| PPC: | |
| evolution-mapi-0.28.3-12.el6.ppc64.rpm | MD5: 49304489f8ca4075fdfa6b4a322ebece SHA-256: ca25297bdf1f845352f4f96a89f1dd4907e244d995d22bbcf97f78f2f627a278 |
| evolution-mapi-debuginfo-0.28.3-12.el6.ppc64.rpm | MD5: f6767fd2c39c4b953f3dfbc20ac92ee3 SHA-256: 566d9ba9e5158816690725f2bcb510c0351f57ae00818c9e2385b115797ae78b |
| evolution-mapi-devel-0.28.3-12.el6.ppc64.rpm | MD5: 01ac64afd7d7eeeb590743a3e66c2b40 SHA-256: 708c238a2332c1be2e1095d9314c8b7a225e74716421de63e80c89150a1658c2 |
| openchange-1.0-4.el6.ppc64.rpm | MD5: 7287599bec279bfcff073c981975431d SHA-256: 11a50710ba9001a1c40048196f4d522ec61aac7f523a8801be0775c451ad03e1 |
| openchange-client-1.0-4.el6.ppc64.rpm | MD5: 65df6326b7170f5d7b5051bed0449842 SHA-256: 00257cff474e6d5ab41f187dc47b7725ba0e0e1087e0ead04bd74b333dbbc0b8 |
| openchange-debuginfo-1.0-4.el6.ppc64.rpm | MD5: 54e2f463d790e8cc7c35c14a19af7ca3 SHA-256: 2d7cfa1456a6bea21d6d11f13a9742455b13ea70c02eceea39aea628a4e40aef |
| openchange-devel-1.0-4.el6.ppc64.rpm | MD5: ba9070a6a0b5b5e282425f9050e09dc3 SHA-256: a624d32da6f5b2a1288094f13664e01dc237dd3039e2afe2b228d9ff4da44c0a |
| openchange-devel-docs-1.0-4.el6.ppc64.rpm | MD5: 6fce74eb329c674d71cf34804edab20d SHA-256: 8bd14eb8d82ec46cb03b9b2694930cb11557527054c7cc7b5172981c46483c4c |
| x86_64: | |
| evolution-mapi-0.28.3-12.el6.x86_64.rpm | MD5: 8d1f5efd44cea69e91f9031a0e603f32 SHA-256: c431730511b8c0d145841d2123c491a12c82d22d6de6c0e6d4df4585694fac60 |
| evolution-mapi-debuginfo-0.28.3-12.el6.x86_64.rpm | MD5: 83281f13cee065ca6162c3ea1d5d9a6c SHA-256: 17f93b47582874ae0eebdcc282fcdfa9ead63055fa1edbd28ed5ea98cfb35fb3 |
| evolution-mapi-devel-0.28.3-12.el6.x86_64.rpm | MD5: fbd5856cff8eeae039380931c77e8020 SHA-256: 97f5588cacc9c50cbbade333b47727eace04dce1335594699a8e0b1b99bea78b |
| openchange-1.0-4.el6.x86_64.rpm | MD5: 207f9c13377faddb84106d3e3b697be6 SHA-256: 4f4b5e5485ea766e8a20f57b8d62ba93bd7c31915cad3e08e59ad18e15e3c19d |
| openchange-client-1.0-4.el6.x86_64.rpm | MD5: d44fca2504937cdadba545761ce8ac55 SHA-256: 6ac83e63cec780ad9e3ef2d1e9e2510dffe78b9c6353c89d8709f909f0cb8b32 |
| openchange-debuginfo-1.0-4.el6.x86_64.rpm | MD5: 3954107f5b4c24f8ce5f78cd8ef8d28c SHA-256: fbc92d7c5ed8dce3805623d49243a82b954c35a78050acadaf5c253f5df37588 |
| openchange-devel-1.0-4.el6.x86_64.rpm | MD5: 40ef7007ba99acd084bb267b6de146fe SHA-256: 5a8ac8634fd79c7a0600c0b4ccdd9562d8198f4550a250ed01aed0db8ec0fdaf |
| openchange-devel-docs-1.0-4.el6.x86_64.rpm | MD5: 5abcc54fe2ea283c63ee2bda74e7163a SHA-256: fdad1a195cd61fd8e9eb1c7fcfd8d5d27ecf179187ede21e6516882bcde49882 |
| Red Hat Enterprise Linux Workstation (v. 6) | |
| SRPMS: | |
| evolution-mapi-0.28.3-12.el6.src.rpm | MD5: 8859858ee02aa9270b2df9edddc19d95 SHA-256: 6138325ea19290bbbbd50910a48c3fe825c3016033b898069db254c399feb56e |
| openchange-1.0-4.el6.src.rpm | MD5: 64c4a4cced51062ca2a3daaafad25e1a SHA-256: 8a15cd94db17b9078b73269588e65abf8581ca893f2b07bec1b3998b3502cb38 |
| IA-32: | |
| evolution-mapi-0.28.3-12.el6.i686.rpm | MD5: 2fc7e21cf054a33856d29c0daaef4bf4 SHA-256: 953d7ba4455432f4532999e7c6fa2c718fcb6a1339d7b33ae2c28323e606e38c |
| evolution-mapi-debuginfo-0.28.3-12.el6.i686.rpm | MD5: 3fb65d224b7867a7ac74e3f7b992512e SHA-256: 547e4e665e28eba57304b6026b5103bc2ff2ed28a9bb7c56ebeeac9f65b7eb3a |
| evolution-mapi-devel-0.28.3-12.el6.i686.rpm | MD5: 2467fe4f7790727c469511855d52ea57 SHA-256: 5591e155b95c8cb143f26d9fd03b3c4555522ac59f55877fff5428a01d688a40 |
| openchange-1.0-4.el6.i686.rpm | MD5: ee82af6ab74c67c6b2b3fea50d4e9adf SHA-256: cd3ed246c81ef37958a1d34361989f7092d6fd0cecbca49ec7bfffc86bf6fc01 |
| openchange-client-1.0-4.el6.i686.rpm | MD5: 02eaaf523982a7a8af2783c840e9512c SHA-256: aaae575c87c46cba5ed0fa64d9411eef43a28f84e63c28d49990c1bb6f261003 |
| openchange-debuginfo-1.0-4.el6.i686.rpm | MD5: 85dec1b480c708a66804e01fa27285ae SHA-256: a8c81bad6104af526dbbf9d209a295b9b4a66df30b69067d4ee41f1a67155e4a |
| openchange-devel-1.0-4.el6.i686.rpm | MD5: a3b8d9df4e6ecb7a80c1793caa8aaaf0 SHA-256: 4933ad5c2efa97b14ee37ac710b4020266f6c87baf705d23f826fff272aaa0a7 |
| openchange-devel-docs-1.0-4.el6.i686.rpm | MD5: bc890f4557ea2d48583b08d724eed3e2 SHA-256: 612df9a1bb3c7296b36049404b61fff39a631ec34be324891658d9b8979b4f6f |
| x86_64: | |
| evolution-mapi-0.28.3-12.el6.x86_64.rpm | MD5: 8d1f5efd44cea69e91f9031a0e603f32 SHA-256: c431730511b8c0d145841d2123c491a12c82d22d6de6c0e6d4df4585694fac60 |
| evolution-mapi-debuginfo-0.28.3-12.el6.x86_64.rpm | MD5: 83281f13cee065ca6162c3ea1d5d9a6c SHA-256: 17f93b47582874ae0eebdcc282fcdfa9ead63055fa1edbd28ed5ea98cfb35fb3 |
| evolution-mapi-devel-0.28.3-12.el6.x86_64.rpm | MD5: fbd5856cff8eeae039380931c77e8020 SHA-256: 97f5588cacc9c50cbbade333b47727eace04dce1335594699a8e0b1b99bea78b |
| openchange-1.0-4.el6.x86_64.rpm | MD5: 207f9c13377faddb84106d3e3b697be6 SHA-256: 4f4b5e5485ea766e8a20f57b8d62ba93bd7c31915cad3e08e59ad18e15e3c19d |
| openchange-client-1.0-4.el6.x86_64.rpm | MD5: d44fca2504937cdadba545761ce8ac55 SHA-256: 6ac83e63cec780ad9e3ef2d1e9e2510dffe78b9c6353c89d8709f909f0cb8b32 |
| openchange-debuginfo-1.0-4.el6.x86_64.rpm | MD5: 3954107f5b4c24f8ce5f78cd8ef8d28c SHA-256: fbc92d7c5ed8dce3805623d49243a82b954c35a78050acadaf5c253f5df37588 |
| openchange-devel-1.0-4.el6.x86_64.rpm | MD5: 40ef7007ba99acd084bb267b6de146fe SHA-256: 5a8ac8634fd79c7a0600c0b4ccdd9562d8198f4550a250ed01aed0db8ec0fdaf |
| openchange-devel-docs-1.0-4.el6.x86_64.rpm | MD5: 5abcc54fe2ea283c63ee2bda74e7163a SHA-256: fdad1a195cd61fd8e9eb1c7fcfd8d5d27ecf179187ede21e6516882bcde49882 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
680061 - evolution-data-server crashes in memcpy
685034 - [PATCH] (SIGABRT) FindGoodServer, OpenUserMailbox, exchange_mapi_set_flags
767672 - Rebase openchange libraries
767678 - Patch evolution-mapi to handle new openchange API
804093 - CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output
870405 - Cannot send mail with large message body
903241 - Double-free on message copy/move
References
https://www.redhat.com/security/data/cve/CVE-2012-1182.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/updates/classification/#moderate
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
