Skip to navigation

Security Advisory Moderate: evolution security update

Advisory: RHSA-2007:0353-3
Type: Security Advisory
Severity: Moderate
Issued on: 2007-05-17
Last updated on: 2007-05-17
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2007-1558

Details

Updated evolution packages that fix a security bug are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Evolution is the GNOME collection of personal information management (PIM)
tools.

A flaw was found in the way Evolution processed certain APOP authentication
requests. A remote attacker could potentially acquire certain portions of a
user's authentication credentials by sending certain responses when
evolution-data-server attempted to authenticate against an APOP server.
(CVE-2007-1558)

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
evolution-1.4.5-20.el3.src.rpm
File outdated by:  RHSA-2009:0358
    MD5: c405dc2c24a9e0bf5431126309328bf3
 
IA-32:
evolution-1.4.5-20.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 65f97ba5cbbb4805a18ef60524625f99
evolution-devel-1.4.5-20.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 934b6df84d7786ddcf294a0b625f8a3c
 
x86_64:
evolution-1.4.5-20.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: da6fac84abbbf5c53a05a282be38fd13
evolution-devel-1.4.5-20.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: c94bf9dd40ee27d9908c101a8f40e2b7
 
Red Hat Desktop (v. 4)

SRPMS:
evolution-2.0.2-35.0.2.el4.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 886e06ef0416e5e8fb62685bd5806a42
 
IA-32:
evolution-2.0.2-35.0.2.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 21d0744d5f41d3db79cede4e81902f7b
evolution-devel-2.0.2-35.0.2.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 839cdc24730b44a3b20b1a3c0c8f8acb
 
x86_64:
evolution-2.0.2-35.0.2.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 7c99cb70e572c955ccadc425fe9aaeaa
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 4ee7bf955381cef106d0ff4ecc6ae482
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
evolution-1.4.5-20.el3.src.rpm
File outdated by:  RHSA-2009:0358
    MD5: c405dc2c24a9e0bf5431126309328bf3
 
IA-32:
evolution-1.4.5-20.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 65f97ba5cbbb4805a18ef60524625f99
evolution-devel-1.4.5-20.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 934b6df84d7786ddcf294a0b625f8a3c
 
IA-64:
evolution-1.4.5-20.el3.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: ed2bc1dfbec3cdce3c9776df9e5facdd
evolution-devel-1.4.5-20.el3.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 781a27c5afa057b27e8d0d241559750d
 
PPC:
evolution-1.4.5-20.el3.ppc.rpm
File outdated by:  RHSA-2009:0358
    MD5: 3ee9a25add5a42bf89e93a63ac3d91ef
evolution-devel-1.4.5-20.el3.ppc.rpm
File outdated by:  RHSA-2009:0358
    MD5: a17552a71ca70e285a129fc6c9e42d91
 
s390:
evolution-1.4.5-20.el3.s390.rpm
File outdated by:  RHSA-2009:0358
    MD5: a95aab39409afe560a9d01d867d2a658
evolution-devel-1.4.5-20.el3.s390.rpm
File outdated by:  RHSA-2009:0358
    MD5: 8cc741d3a5dfd223c085cd95dc16c8b6
 
s390x:
evolution-1.4.5-20.el3.s390x.rpm
File outdated by:  RHSA-2009:0358
    MD5: 85cc84a449a757874ce6f2c8a4b638cb
evolution-devel-1.4.5-20.el3.s390x.rpm
File outdated by:  RHSA-2009:0358
    MD5: a5d24149a144f570540506ed060f3d02
 
x86_64:
evolution-1.4.5-20.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: da6fac84abbbf5c53a05a282be38fd13
evolution-devel-1.4.5-20.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: c94bf9dd40ee27d9908c101a8f40e2b7
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
evolution-2.0.2-35.0.2.el4.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 886e06ef0416e5e8fb62685bd5806a42
 
IA-32:
evolution-2.0.2-35.0.2.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 21d0744d5f41d3db79cede4e81902f7b
evolution-devel-2.0.2-35.0.2.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 839cdc24730b44a3b20b1a3c0c8f8acb
 
IA-64:
evolution-2.0.2-35.0.2.el4.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 7c312e82153ef608c32a644ad65b3e70
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: f949e742c14f93535810aa8bb6b695c0
 
PPC:
evolution-2.0.2-35.0.2.el4.ppc.rpm
File outdated by:  RHSA-2009:0355
    MD5: 41279cc52d1f8bf006137019bdeec115
evolution-devel-2.0.2-35.0.2.el4.ppc.rpm
File outdated by:  RHSA-2009:0355
    MD5: 0fa38e81f331db0f6d22f62167714413
 
s390:
evolution-2.0.2-35.0.2.el4.s390.rpm
File outdated by:  RHSA-2009:0355
    MD5: 93fad9c3c62573cf366bcda9805b9c8d
evolution-devel-2.0.2-35.0.2.el4.s390.rpm
File outdated by:  RHSA-2009:0355
    MD5: 7905d268cfbbca40893cb1480c130b81
 
s390x:
evolution-2.0.2-35.0.2.el4.s390x.rpm
File outdated by:  RHSA-2009:0355
    MD5: 4df2d5c1eeeadbd21a2ffdd69f66f91c
evolution-devel-2.0.2-35.0.2.el4.s390x.rpm
File outdated by:  RHSA-2009:0355
    MD5: abb56c486d2112fce800d612263586e0
 
x86_64:
evolution-2.0.2-35.0.2.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 7c99cb70e572c955ccadc425fe9aaeaa
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 4ee7bf955381cef106d0ff4ecc6ae482
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
evolution-2.0.2-35.0.2.el4.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 886e06ef0416e5e8fb62685bd5806a42
 
IA-32:
evolution-2.0.2-35.0.2.el4.i386.rpm
File outdated by:  RHSA-2008:0517
    MD5: 21d0744d5f41d3db79cede4e81902f7b
evolution-devel-2.0.2-35.0.2.el4.i386.rpm
File outdated by:  RHSA-2008:0517
    MD5: 839cdc24730b44a3b20b1a3c0c8f8acb
 
IA-64:
evolution-2.0.2-35.0.2.el4.ia64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 7c312e82153ef608c32a644ad65b3e70
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm
File outdated by:  RHSA-2008:0517
    MD5: f949e742c14f93535810aa8bb6b695c0
 
PPC:
evolution-2.0.2-35.0.2.el4.ppc.rpm
File outdated by:  RHSA-2008:0517
    MD5: 41279cc52d1f8bf006137019bdeec115
evolution-devel-2.0.2-35.0.2.el4.ppc.rpm
File outdated by:  RHSA-2008:0517
    MD5: 0fa38e81f331db0f6d22f62167714413
 
s390:
evolution-2.0.2-35.0.2.el4.s390.rpm
File outdated by:  RHSA-2008:0517
    MD5: 93fad9c3c62573cf366bcda9805b9c8d
evolution-devel-2.0.2-35.0.2.el4.s390.rpm
File outdated by:  RHSA-2008:0517
    MD5: 7905d268cfbbca40893cb1480c130b81
 
s390x:
evolution-2.0.2-35.0.2.el4.s390x.rpm
File outdated by:  RHSA-2008:0517
    MD5: 4df2d5c1eeeadbd21a2ffdd69f66f91c
evolution-devel-2.0.2-35.0.2.el4.s390x.rpm
File outdated by:  RHSA-2008:0517
    MD5: abb56c486d2112fce800d612263586e0
 
x86_64:
evolution-2.0.2-35.0.2.el4.x86_64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 7c99cb70e572c955ccadc425fe9aaeaa
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 4ee7bf955381cef106d0ff4ecc6ae482
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
evolution-1.4.5-20.el3.src.rpm
File outdated by:  RHSA-2009:0358
    MD5: c405dc2c24a9e0bf5431126309328bf3
 
IA-32:
evolution-1.4.5-20.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 65f97ba5cbbb4805a18ef60524625f99
evolution-devel-1.4.5-20.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 934b6df84d7786ddcf294a0b625f8a3c
 
IA-64:
evolution-1.4.5-20.el3.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: ed2bc1dfbec3cdce3c9776df9e5facdd
evolution-devel-1.4.5-20.el3.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 781a27c5afa057b27e8d0d241559750d
 
x86_64:
evolution-1.4.5-20.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: da6fac84abbbf5c53a05a282be38fd13
evolution-devel-1.4.5-20.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: c94bf9dd40ee27d9908c101a8f40e2b7
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
evolution-2.0.2-35.0.2.el4.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 886e06ef0416e5e8fb62685bd5806a42
 
IA-32:
evolution-2.0.2-35.0.2.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 21d0744d5f41d3db79cede4e81902f7b
evolution-devel-2.0.2-35.0.2.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 839cdc24730b44a3b20b1a3c0c8f8acb
 
IA-64:
evolution-2.0.2-35.0.2.el4.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 7c312e82153ef608c32a644ad65b3e70
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: f949e742c14f93535810aa8bb6b695c0
 
x86_64:
evolution-2.0.2-35.0.2.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 7c99cb70e572c955ccadc425fe9aaeaa
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 4ee7bf955381cef106d0ff4ecc6ae482
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
evolution-2.0.2-35.0.2.el4.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 886e06ef0416e5e8fb62685bd5806a42
 
IA-32:
evolution-2.0.2-35.0.2.el4.i386.rpm
File outdated by:  RHSA-2008:0517
    MD5: 21d0744d5f41d3db79cede4e81902f7b
evolution-devel-2.0.2-35.0.2.el4.i386.rpm
File outdated by:  RHSA-2008:0517
    MD5: 839cdc24730b44a3b20b1a3c0c8f8acb
 
IA-64:
evolution-2.0.2-35.0.2.el4.ia64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 7c312e82153ef608c32a644ad65b3e70
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm
File outdated by:  RHSA-2008:0517
    MD5: f949e742c14f93535810aa8bb6b695c0
 
x86_64:
evolution-2.0.2-35.0.2.el4.x86_64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 7c99cb70e572c955ccadc425fe9aaeaa
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
File outdated by:  RHSA-2008:0517
    MD5: 4ee7bf955381cef106d0ff4ecc6ae482
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
evolution-1.4.5-20.el3.src.rpm
File outdated by:  RHSA-2009:0358
    MD5: c405dc2c24a9e0bf5431126309328bf3
 
IA-32:
evolution-1.4.5-20.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 65f97ba5cbbb4805a18ef60524625f99
evolution-devel-1.4.5-20.el3.i386.rpm
File outdated by:  RHSA-2009:0358
    MD5: 934b6df84d7786ddcf294a0b625f8a3c
 
IA-64:
evolution-1.4.5-20.el3.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: ed2bc1dfbec3cdce3c9776df9e5facdd
evolution-devel-1.4.5-20.el3.ia64.rpm
File outdated by:  RHSA-2009:0358
    MD5: 781a27c5afa057b27e8d0d241559750d
 
x86_64:
evolution-1.4.5-20.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: da6fac84abbbf5c53a05a282be38fd13
evolution-devel-1.4.5-20.el3.x86_64.rpm
File outdated by:  RHSA-2009:0358
    MD5: c94bf9dd40ee27d9908c101a8f40e2b7
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
evolution-2.0.2-35.0.2.el4.src.rpm
File outdated by:  RHSA-2009:0355
    MD5: 886e06ef0416e5e8fb62685bd5806a42
 
IA-32:
evolution-2.0.2-35.0.2.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 21d0744d5f41d3db79cede4e81902f7b
evolution-devel-2.0.2-35.0.2.el4.i386.rpm
File outdated by:  RHSA-2009:0355
    MD5: 839cdc24730b44a3b20b1a3c0c8f8acb
 
IA-64:
evolution-2.0.2-35.0.2.el4.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 7c312e82153ef608c32a644ad65b3e70
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm
File outdated by:  RHSA-2009:0355
    MD5: f949e742c14f93535810aa8bb6b695c0
 
x86_64:
evolution-2.0.2-35.0.2.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 7c99cb70e572c955ccadc425fe9aaeaa
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
File outdated by:  RHSA-2009:0355
    MD5: 4ee7bf955381cef106d0ff4ecc6ae482
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

238565 - CVE-2007-1558 Evolution APOP information disclosure


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/