Security Advisory Moderate: evolution-data-server security update

Advisory: RHSA-2007:0344-2
Type: Security Advisory
Severity: Moderate
Issued on: 2007-05-30
Last updated on: 2007-05-30
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2007-1558

Details

Updated evolution-data-server packages that fix a security bug are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The evolution-data-server package provides a unified backend for programs
that work with contacts, tasks, and calendar information.

A flaw was found in the way evolution-data-server processed certain APOP
authentication requests. By sending certain responses when
evolution-data-server attempted to authenticate against an APOP server, a
remote attacker could potentially acquire certain portions of a user's
authentication credentials. (CVE-2007-1558)
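
Added example, not part of the advisory and not the evolution-data-server patch: how an APOP client turns the server's greeting into its response (RFC 1939), with a strict syntax check on the server-supplied challenge before it is hashed with the password. The msg-id rule, the function names and the malformed greetings are assumptions of this example; the first greeting and secret are the RFC 1939 sample.

```python
import hashlib
import re

# Assumption of this example: a usable challenge is an RFC 822 style msg-id,
# <local@domain>, built only from printable ASCII with no spaces and no extra
# '<', '>' or '@'. Anything else is refused before it reaches the hash.
_MSG_ID = re.compile(rb"<[!-;=?A-~]+@[!-;=?A-~]+>")


def extract_challenge(greeting: bytes) -> bytes:
    """Return the APOP timestamp from a POP3 greeting, or raise ValueError."""
    line = greeting.rstrip(b"\r\n")
    if not line.startswith(b"+OK"):
        raise ValueError("greeting is not a positive response")
    start, end = line.find(b"<"), line.rfind(b">")
    if start == -1 or end < start:
        raise ValueError("server does not offer APOP")
    challenge = line[start:end + 1]
    if not _MSG_ID.fullmatch(challenge):
        raise ValueError("malformed APOP challenge, refusing to hash it")
    return challenge


def apop_command(user: str, secret: bytes, greeting: bytes) -> str:
    """Build the APOP command: MD5 over the challenge followed by the secret."""
    challenge = extract_challenge(greeting)
    digest = hashlib.md5(challenge + secret).hexdigest()
    return f"APOP {user} {digest}"


def accepts(greeting: bytes) -> bool:
    """True if the greeting carries a challenge this client is willing to hash."""
    try:
        extract_challenge(greeting)
        return True
    except ValueError:
        return False


# Greeting and secret from the worked example in RFC 1939.
RFC_GREETING = b"+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>\r\n"
# Constructed malformed greetings: raw high bytes, a control byte, no '@'.
BAD_GREETINGS = [
    b"+OK ready <1896.\xa9\xff\x80@example.test>\r\n",
    b"+OK ready <1896.6971\x00@example.test>\r\n",
    b"+OK ready <1896.697170952>\r\n",
]

if __name__ == "__main__":
    print(apop_command("mrose", b"tanstaaf", RFC_GREETING))
    for g in BAD_GREETINGS:
        print(g, "accepted" if accepts(g) else "rejected")
```

The syntax check only limits what a server can feed into the digest; the response is still an MD5 over the password, so running POP3 over TLS remains the stronger control.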

All users of evolution-data-server should upgrade to these updated
packages, which contain a backported patch that resolves this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
evolution-data-server-1.8.0-15.0.3.el5.src.rpm
File outdated by:  RHBA-2009:1259
    MD5: 2dc38ea8fd12a3654ddf4bd36dd3f0c8
 
IA-32:
evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm
File outdated by:  RHBA-2009:1259
    MD5: 85d93f27c86928de6a3e861f3c9dc68c
 
x86_64:
evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm
File outdated by:  RHBA-2009:1259
    MD5: 85d93f27c86928de6a3e861f3c9dc68c
evolution-data-server-devel-1.8.0-15.0.3.el5.x86_64.rpm
File outdated by:  RHBA-2009:1259
    MD5: 89bff966c9bec550c442038a2028135c
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
evolution-data-server-1.8.0-15.0.3.el5.src.rpm
File outdated by:  RHBA-2009:1259
    MD5: 2dc38ea8fd12a3654ddf4bd36dd3f0c8
 
IA-32:
evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
File outdated by:  RHBA-2009:1259
    MD5: 12a37eee5ad4c2a982eebefd8b2d5686
evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm
File outdated by:  RHBA-2009:1259
    MD5: 85d93f27c86928de6a3e861f3c9dc68c
 
IA-64:
evolution-data-server-1.8.0-15.0.3.el5.ia64.rpm
File outdated by:  RHBA-2009:1259
    MD5: 6ba76e70eb9826231d246797ab6b21c7
evolution-data-server-devel-1.8.0-15.0.3.el5.ia64.rpm
File outdated by:  RHBA-2009:1259
    MD5: 2662f80f6af03a05e2d064b2ace99c24
 
PPC:
evolution-data-server-1.8.0-15.0.3.el5.ppc.rpm
File outdated by:  RHBA-2009:1259
    MD5: 4539079a11bca9401812c12d59ceb6e1
evolution-data-server-1.8.0-15.0.3.el5.ppc64.rpm
File outdated by:  RHBA-2009:1259
    MD5: 77b4f4f8897286bc0d10d51e32838572
evolution-data-server-devel-1.8.0-15.0.3.el5.ppc.rpm
File outdated by:  RHBA-2009:1259
    MD5: 179b33eab82f94e18069641ae5c252aa
evolution-data-server-devel-1.8.0-15.0.3.el5.ppc64.rpm
File outdated by:  RHBA-2009:1259
    MD5: 54367c5a72247c9acc6663e164fe8839
 
s390x:
evolution-data-server-1.8.0-15.0.3.el5.s390.rpm
File outdated by:  RHBA-2009:1259
    MD5: e845ec48cdc8df471d5d114a93e21344
evolution-data-server-1.8.0-15.0.3.el5.s390x.rpm
File outdated by:  RHBA-2009:1259
    MD5: c0c440eb4ed5dd2d930434a3a92a8461
evolution-data-server-devel-1.8.0-15.0.3.el5.s390.rpm
File outdated by:  RHBA-2009:1259
    MD5: 8d834b7fe2e3c55da02516402f5b5970
evolution-data-server-devel-1.8.0-15.0.3.el5.s390x.rpm
File outdated by:  RHBA-2009:1259
    MD5: 88b102e274ed7c5eac65147b3922b567
 
x86_64:
evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
File outdated by:  RHBA-2009:1259
    MD5: 12a37eee5ad4c2a982eebefd8b2d5686
evolution-data-server-1.8.0-15.0.3.el5.x86_64.rpm
File outdated by:  RHBA-2009:1259
    MD5: e9049a57a4a46768187c942d09ed18e1
evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm
File outdated by:  RHBA-2009:1259
    MD5: 85d93f27c86928de6a3e861f3c9dc68c
evolution-data-server-devel-1.8.0-15.0.3.el5.x86_64.rpm
File outdated by:  RHBA-2009:1259
    MD5: 89bff966c9bec550c442038a2028135c
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
evolution-data-server-1.8.0-15.0.3.el5.src.rpm
File outdated by:  RHBA-2009:1259
    MD5: 2dc38ea8fd12a3654ddf4bd36dd3f0c8
 
IA-32:
evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
File outdated by:  RHBA-2009:1259
    MD5: 12a37eee5ad4c2a982eebefd8b2d5686
 
x86_64:
evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
File outdated by:  RHBA-2009:1259
    MD5: 12a37eee5ad4c2a982eebefd8b2d5686
evolution-data-server-1.8.0-15.0.3.el5.x86_64.rpm
File outdated by:  RHBA-2009:1259
    MD5: e9049a57a4a46768187c942d09ed18e1
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

235289 - CVE-2007-1558 Evolution APOP information disclosure


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/