Skip to navigation

Security Advisory Moderate: openchange security, bug fix and enhancement update

Advisory: RHSA-2013:0515-2
Type: Security Advisory
Severity: Moderate
Issued on: 2013-02-21
Last updated on: 2013-02-21
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-1182

Details

Updated openchange packages that fix one security issue, several bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The openchange packages provide libraries to access Microsoft Exchange
servers using native protocols. Evolution-MAPI uses these libraries to
integrate the Evolution PIM application with Microsoft Exchange servers.

A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)
compiler. As OpenChange uses code generated by PIDL, this could have
resulted in buffer overflows in the way OpenChange handles RPC calls. With
this update, the code has been generated with an updated version of PIDL to
correct this issue. (CVE-2012-1182)

The openchange packages have been upgraded to upstream version 1.0, which
provides a number of bug fixes and enhancements over the previous version,
including support for the rebased samba4 packages and several API changes.
(BZ#767672, BZ#767678)

This update also fixes the following bugs:

* When the user tried to modify a meeting with one required attendee and
himself as the organizer, a segmentation fault occurred in the memcpy()
function. Consequently, the evolution-data-server application terminated
unexpectedly with a segmentation fault. This bug has been fixed and
evolution-data-server no longer crashes in the described scenario.
(BZ#680061)

* Prior to this update, OpenChange 1.0 was unable to send messages with
a large message body or with extensive attachment. This was caused by minor
issues in OpenChange's exchange.idl definitions. This bug has been fixed
and OpenChange now sends extensive messages without complications.
(BZ#870405)

All users of openchange are advised to upgrade to these updated packages,
which fix these issues and add these enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
evolution-mapi-0.28.3-12.el6.src.rpm
File outdated by:  RHSA-2013:1540
    MD5: 410e3cf5e055a6752abc0697f7b064de
SHA-256: 8bc7f5ce69c8c7cd48b0297ea5149fd232fee466557947d9c162d3a6e123b6a9
openchange-1.0-4.el6.src.rpm
File outdated by:  RHSA-2013:1540
    MD5: 03ee353b0c5a0b2fd858a289ec82ef20
SHA-256: ff4d2727458a8af84ef9a16953e656fbc646b36976261e7d0fc0a2546c359ab5
 
IA-32:
evolution-mapi-0.28.3-12.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 2fc7e21cf054a33856d29c0daaef4bf4
SHA-256: 953d7ba4455432f4532999e7c6fa2c718fcb6a1339d7b33ae2c28323e606e38c
evolution-mapi-debuginfo-0.28.3-12.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 3fb65d224b7867a7ac74e3f7b992512e
SHA-256: 547e4e665e28eba57304b6026b5103bc2ff2ed28a9bb7c56ebeeac9f65b7eb3a
evolution-mapi-devel-0.28.3-12.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 2467fe4f7790727c469511855d52ea57
SHA-256: 5591e155b95c8cb143f26d9fd03b3c4555522ac59f55877fff5428a01d688a40
openchange-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: ee82af6ab74c67c6b2b3fea50d4e9adf
SHA-256: cd3ed246c81ef37958a1d34361989f7092d6fd0cecbca49ec7bfffc86bf6fc01
openchange-client-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 02eaaf523982a7a8af2783c840e9512c
SHA-256: aaae575c87c46cba5ed0fa64d9411eef43a28f84e63c28d49990c1bb6f261003
openchange-debuginfo-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 85dec1b480c708a66804e01fa27285ae
SHA-256: a8c81bad6104af526dbbf9d209a295b9b4a66df30b69067d4ee41f1a67155e4a
openchange-devel-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: a3b8d9df4e6ecb7a80c1793caa8aaaf0
SHA-256: 4933ad5c2efa97b14ee37ac710b4020266f6c87baf705d23f826fff272aaa0a7
openchange-devel-docs-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: bc890f4557ea2d48583b08d724eed3e2
SHA-256: 612df9a1bb3c7296b36049404b61fff39a631ec34be324891658d9b8979b4f6f
 
x86_64:
evolution-mapi-0.28.3-12.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 8d1f5efd44cea69e91f9031a0e603f32
SHA-256: c431730511b8c0d145841d2123c491a12c82d22d6de6c0e6d4df4585694fac60
evolution-mapi-debuginfo-0.28.3-12.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 83281f13cee065ca6162c3ea1d5d9a6c
SHA-256: 17f93b47582874ae0eebdcc282fcdfa9ead63055fa1edbd28ed5ea98cfb35fb3
evolution-mapi-devel-0.28.3-12.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: fbd5856cff8eeae039380931c77e8020
SHA-256: 97f5588cacc9c50cbbade333b47727eace04dce1335594699a8e0b1b99bea78b
openchange-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 207f9c13377faddb84106d3e3b697be6
SHA-256: 4f4b5e5485ea766e8a20f57b8d62ba93bd7c31915cad3e08e59ad18e15e3c19d
openchange-client-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: d44fca2504937cdadba545761ce8ac55
SHA-256: 6ac83e63cec780ad9e3ef2d1e9e2510dffe78b9c6353c89d8709f909f0cb8b32
openchange-debuginfo-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 3954107f5b4c24f8ce5f78cd8ef8d28c
SHA-256: fbc92d7c5ed8dce3805623d49243a82b954c35a78050acadaf5c253f5df37588
openchange-devel-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 40ef7007ba99acd084bb267b6de146fe
SHA-256: 5a8ac8634fd79c7a0600c0b4ccdd9562d8198f4550a250ed01aed0db8ec0fdaf
openchange-devel-docs-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 5abcc54fe2ea283c63ee2bda74e7163a
SHA-256: fdad1a195cd61fd8e9eb1c7fcfd8d5d27ecf179187ede21e6516882bcde49882
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
evolution-mapi-0.28.3-12.el6.src.rpm
File outdated by:  RHSA-2013:1540
    MD5: 410e3cf5e055a6752abc0697f7b064de
SHA-256: 8bc7f5ce69c8c7cd48b0297ea5149fd232fee466557947d9c162d3a6e123b6a9
openchange-1.0-4.el6.src.rpm
File outdated by:  RHSA-2013:1540
    MD5: 03ee353b0c5a0b2fd858a289ec82ef20
SHA-256: ff4d2727458a8af84ef9a16953e656fbc646b36976261e7d0fc0a2546c359ab5
 
IA-32:
evolution-mapi-0.28.3-12.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 2fc7e21cf054a33856d29c0daaef4bf4
SHA-256: 953d7ba4455432f4532999e7c6fa2c718fcb6a1339d7b33ae2c28323e606e38c
evolution-mapi-debuginfo-0.28.3-12.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 3fb65d224b7867a7ac74e3f7b992512e
SHA-256: 547e4e665e28eba57304b6026b5103bc2ff2ed28a9bb7c56ebeeac9f65b7eb3a
evolution-mapi-devel-0.28.3-12.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 2467fe4f7790727c469511855d52ea57
SHA-256: 5591e155b95c8cb143f26d9fd03b3c4555522ac59f55877fff5428a01d688a40
openchange-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: ee82af6ab74c67c6b2b3fea50d4e9adf
SHA-256: cd3ed246c81ef37958a1d34361989f7092d6fd0cecbca49ec7bfffc86bf6fc01
openchange-client-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 02eaaf523982a7a8af2783c840e9512c
SHA-256: aaae575c87c46cba5ed0fa64d9411eef43a28f84e63c28d49990c1bb6f261003
openchange-debuginfo-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 85dec1b480c708a66804e01fa27285ae
SHA-256: a8c81bad6104af526dbbf9d209a295b9b4a66df30b69067d4ee41f1a67155e4a
openchange-devel-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: a3b8d9df4e6ecb7a80c1793caa8aaaf0
SHA-256: 4933ad5c2efa97b14ee37ac710b4020266f6c87baf705d23f826fff272aaa0a7
openchange-devel-docs-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: bc890f4557ea2d48583b08d724eed3e2
SHA-256: 612df9a1bb3c7296b36049404b61fff39a631ec34be324891658d9b8979b4f6f
 
PPC:
evolution-mapi-0.28.3-12.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 49304489f8ca4075fdfa6b4a322ebece
SHA-256: ca25297bdf1f845352f4f96a89f1dd4907e244d995d22bbcf97f78f2f627a278
evolution-mapi-debuginfo-0.28.3-12.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: f6767fd2c39c4b953f3dfbc20ac92ee3
SHA-256: 566d9ba9e5158816690725f2bcb510c0351f57ae00818c9e2385b115797ae78b
evolution-mapi-devel-0.28.3-12.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 01ac64afd7d7eeeb590743a3e66c2b40
SHA-256: 708c238a2332c1be2e1095d9314c8b7a225e74716421de63e80c89150a1658c2
openchange-1.0-4.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 7287599bec279bfcff073c981975431d
SHA-256: 11a50710ba9001a1c40048196f4d522ec61aac7f523a8801be0775c451ad03e1
openchange-client-1.0-4.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 65df6326b7170f5d7b5051bed0449842
SHA-256: 00257cff474e6d5ab41f187dc47b7725ba0e0e1087e0ead04bd74b333dbbc0b8
openchange-debuginfo-1.0-4.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 54e2f463d790e8cc7c35c14a19af7ca3
SHA-256: 2d7cfa1456a6bea21d6d11f13a9742455b13ea70c02eceea39aea628a4e40aef
openchange-devel-1.0-4.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: ba9070a6a0b5b5e282425f9050e09dc3
SHA-256: a624d32da6f5b2a1288094f13664e01dc237dd3039e2afe2b228d9ff4da44c0a
openchange-devel-docs-1.0-4.el6.ppc64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 6fce74eb329c674d71cf34804edab20d
SHA-256: 8bd14eb8d82ec46cb03b9b2694930cb11557527054c7cc7b5172981c46483c4c
 
x86_64:
evolution-mapi-0.28.3-12.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 8d1f5efd44cea69e91f9031a0e603f32
SHA-256: c431730511b8c0d145841d2123c491a12c82d22d6de6c0e6d4df4585694fac60
evolution-mapi-debuginfo-0.28.3-12.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 83281f13cee065ca6162c3ea1d5d9a6c
SHA-256: 17f93b47582874ae0eebdcc282fcdfa9ead63055fa1edbd28ed5ea98cfb35fb3
evolution-mapi-devel-0.28.3-12.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: fbd5856cff8eeae039380931c77e8020
SHA-256: 97f5588cacc9c50cbbade333b47727eace04dce1335594699a8e0b1b99bea78b
openchange-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 207f9c13377faddb84106d3e3b697be6
SHA-256: 4f4b5e5485ea766e8a20f57b8d62ba93bd7c31915cad3e08e59ad18e15e3c19d
openchange-client-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: d44fca2504937cdadba545761ce8ac55
SHA-256: 6ac83e63cec780ad9e3ef2d1e9e2510dffe78b9c6353c89d8709f909f0cb8b32
openchange-debuginfo-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 3954107f5b4c24f8ce5f78cd8ef8d28c
SHA-256: fbc92d7c5ed8dce3805623d49243a82b954c35a78050acadaf5c253f5df37588
openchange-devel-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 40ef7007ba99acd084bb267b6de146fe
SHA-256: 5a8ac8634fd79c7a0600c0b4ccdd9562d8198f4550a250ed01aed0db8ec0fdaf
openchange-devel-docs-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 5abcc54fe2ea283c63ee2bda74e7163a
SHA-256: fdad1a195cd61fd8e9eb1c7fcfd8d5d27ecf179187ede21e6516882bcde49882
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
evolution-mapi-0.28.3-12.el6.src.rpm
File outdated by:  RHSA-2013:1540
    MD5: 410e3cf5e055a6752abc0697f7b064de
SHA-256: 8bc7f5ce69c8c7cd48b0297ea5149fd232fee466557947d9c162d3a6e123b6a9
openchange-1.0-4.el6.src.rpm
File outdated by:  RHSA-2013:1540
    MD5: 03ee353b0c5a0b2fd858a289ec82ef20
SHA-256: ff4d2727458a8af84ef9a16953e656fbc646b36976261e7d0fc0a2546c359ab5
 
IA-32:
evolution-mapi-0.28.3-12.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 2fc7e21cf054a33856d29c0daaef4bf4
SHA-256: 953d7ba4455432f4532999e7c6fa2c718fcb6a1339d7b33ae2c28323e606e38c
evolution-mapi-debuginfo-0.28.3-12.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 3fb65d224b7867a7ac74e3f7b992512e
SHA-256: 547e4e665e28eba57304b6026b5103bc2ff2ed28a9bb7c56ebeeac9f65b7eb3a
evolution-mapi-devel-0.28.3-12.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 2467fe4f7790727c469511855d52ea57
SHA-256: 5591e155b95c8cb143f26d9fd03b3c4555522ac59f55877fff5428a01d688a40
openchange-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: ee82af6ab74c67c6b2b3fea50d4e9adf
SHA-256: cd3ed246c81ef37958a1d34361989f7092d6fd0cecbca49ec7bfffc86bf6fc01
openchange-client-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 02eaaf523982a7a8af2783c840e9512c
SHA-256: aaae575c87c46cba5ed0fa64d9411eef43a28f84e63c28d49990c1bb6f261003
openchange-debuginfo-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: 85dec1b480c708a66804e01fa27285ae
SHA-256: a8c81bad6104af526dbbf9d209a295b9b4a66df30b69067d4ee41f1a67155e4a
openchange-devel-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: a3b8d9df4e6ecb7a80c1793caa8aaaf0
SHA-256: 4933ad5c2efa97b14ee37ac710b4020266f6c87baf705d23f826fff272aaa0a7
openchange-devel-docs-1.0-4.el6.i686.rpm
File outdated by:  RHSA-2013:1540
    MD5: bc890f4557ea2d48583b08d724eed3e2
SHA-256: 612df9a1bb3c7296b36049404b61fff39a631ec34be324891658d9b8979b4f6f
 
x86_64:
evolution-mapi-0.28.3-12.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 8d1f5efd44cea69e91f9031a0e603f32
SHA-256: c431730511b8c0d145841d2123c491a12c82d22d6de6c0e6d4df4585694fac60
evolution-mapi-debuginfo-0.28.3-12.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 83281f13cee065ca6162c3ea1d5d9a6c
SHA-256: 17f93b47582874ae0eebdcc282fcdfa9ead63055fa1edbd28ed5ea98cfb35fb3
evolution-mapi-devel-0.28.3-12.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: fbd5856cff8eeae039380931c77e8020
SHA-256: 97f5588cacc9c50cbbade333b47727eace04dce1335594699a8e0b1b99bea78b
openchange-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 207f9c13377faddb84106d3e3b697be6
SHA-256: 4f4b5e5485ea766e8a20f57b8d62ba93bd7c31915cad3e08e59ad18e15e3c19d
openchange-client-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: d44fca2504937cdadba545761ce8ac55
SHA-256: 6ac83e63cec780ad9e3ef2d1e9e2510dffe78b9c6353c89d8709f909f0cb8b32
openchange-debuginfo-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 3954107f5b4c24f8ce5f78cd8ef8d28c
SHA-256: fbc92d7c5ed8dce3805623d49243a82b954c35a78050acadaf5c253f5df37588
openchange-devel-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 40ef7007ba99acd084bb267b6de146fe
SHA-256: 5a8ac8634fd79c7a0600c0b4ccdd9562d8198f4550a250ed01aed0db8ec0fdaf
openchange-devel-docs-1.0-4.el6.x86_64.rpm
File outdated by:  RHSA-2013:1540
    MD5: 5abcc54fe2ea283c63ee2bda74e7163a
SHA-256: fdad1a195cd61fd8e9eb1c7fcfd8d5d27ecf179187ede21e6516882bcde49882
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

680061 - evolution-data-server crashes in memcpy
685034 - [PATCH] (SIGABRT) FindGoodServer, OpenUserMailbox, exchange_mapi_set_flags
767672 - Rebase openchange libraries
767678 - Patch evolution-mapi to handle new openchange API
804093 - CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output
870405 - Cannot send mail with large message body
903241 - Double-free on message copy/move


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/