To: [email protected]Subject: [ MDVSA-2009:078 ] evolution-data-server
Date: Mon, 23 Mar 2009 18:37:00 +0100
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1Llo56-0006FI-RX@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:078
http://www.mandriva.com/security/
_______________________________________________________________________
Package : evolution-data-server
Date : March 23, 2009
Affected: 2008.0, 2008.1, 2009.0
_______________________________________________________________________
Problem Description:
A wrong handling of signed Secure/Multipurpose Internet Mail Extensions
(S/MIME) e-mail messages enables attackers to spoof its signatures
by modifying the latter copy (CVE-2009-0547).
Crafted authentication challange packets (NT Lan Manager type 2) sent
by a malicious remote mail server enables remote attackers either
to cause denial of service and to read information from the process
memory of the client (CVE-2009-0582).
Multiple integer overflows in Base64 encoding functions enables
attackers either to cause denial of service and to execute arbitrary
code (CVE-2009-0587).
This update provides fixes for those vulnerabilities.
Update:
evolution-data-server packages from Mandriva Linux distributions
2008.1 and 2009.0 are not affected by CVE-2009-0587.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0547http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0582http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0587
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
6bd3e60d16d5aa9a9344b92fd07ce22a 2008.0/i586/evolution-data-server-1.12.2-1.2mdv2008.0.i586.rpm
292256ba96c4ac43e910c1fc9e4d8fbe 2008.0/i586/libcamel10-1.12.2-1.2mdv2008.0.i586.rpm
8f8334411c8485e14582df3e73c4a242 2008.0/i586/libcamel-provider10-1.12.2-1.2mdv2008.0.i586.rpm
554f16120b2c910306091ebc4f027c8e 2008.0/i586/libebook9-1.12.2-1.2mdv2008.0.i586.rpm
d12b3caff29d424332eed92da50b014e 2008.0/i586/libecal7-1.12.2-1.2mdv2008.0.i586.rpm
d2305fd2775aef20aa09822a18b23e20 2008.0/i586/libedata-book2-1.12.2-1.2mdv2008.0.i586.rpm
1ff922bf3b96e349e88b8a5098577fd3 2008.0/i586/libedata-cal6-1.12.2-1.2mdv2008.0.i586.rpm
7ad077472c308ba0a1eab267cf5f41d9 2008.0/i586/libedataserver9-1.12.2-1.2mdv2008.0.i586.rpm
a1e5f6341427c8252ae2f5bb53abb864 2008.0/i586/libedataserver-devel-1.12.2-1.2mdv2008.0.i586.rpm
f98aab2c87187723a91d63851dc7307b 2008.0/i586/libedataserverui8-1.12.2-1.2mdv2008.0.i586.rpm
ad342077949f641b46f3d31336884565 2008.0/i586/libegroupwise13-1.12.2-1.2mdv2008.0.i586.rpm
1ea20abb0c00d4139c042db7562ad33e 2008.0/i586/libexchange-storage3-1.12.2-1.2mdv2008.0.i586.rpm
8f2762c4677d1dcec526d28634b1cdc8 2008.0/SRPMS/evolution-data-server-1.12.2-1.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
a89eb6ee96b0885eaec6a3d0fcd402c4 2008.0/x86_64/evolution-data-server-1.12.2-1.2mdv2008.0.x86_64.rpm
5513ceadc9a7d771dd4bb631c5b1ac57 2008.0/x86_64/lib64camel10-1.12.2-1.2mdv2008.0.x86_64.rpm
41120c43bb29316bfb0d2dc80beaafcc 2008.0/x86_64/lib64camel-provider10-1.12.2-1.2mdv2008.0.x86_64.rpm
00d51e294ef4eb3edf7b489344bef709 2008.0/x86_64/lib64ebook9-1.12.2-1.2mdv2008.0.x86_64.rpm
b314b6a23b6391e9e16717901ef116c2 2008.0/x86_64/lib64ecal7-1.12.2-1.2mdv2008.0.x86_64.rpm
564990bbcd635511e24526eadd7b6282 2008.0/x86_64/lib64edata-book2-1.12.2-1.2mdv2008.0.x86_64.rpm
74b630513512849237d91c8b5fd4cf3d 2008.0/x86_64/lib64edata-cal6-1.12.2-1.2mdv2008.0.x86_64.rpm
cc2e43cfd37817b53693b33f53380df0 2008.0/x86_64/lib64edataserver9-1.12.2-1.2mdv2008.0.x86_64.rpm
fcaa0d13f171907d85152c88c49baf75 2008.0/x86_64/lib64edataserver-devel-1.12.2-1.2mdv2008.0.x86_64.rpm
e1e8a7e5cae46fb8ecc071f44b1e5357 2008.0/x86_64/lib64edataserverui8-1.12.2-1.2mdv2008.0.x86_64.rpm
f2e8758d708c296f9768ac45b7a6997f 2008.0/x86_64/lib64egroupwise13-1.12.2-1.2mdv2008.0.x86_64.rpm
e86333bb9e1ff53c17d24614c01f8d06 2008.0/x86_64/lib64exchange-storage3-1.12.2-1.2mdv2008.0.x86_64.rpm
8f2762c4677d1dcec526d28634b1cdc8 2008.0/SRPMS/evolution-data-server-1.12.2-1.2mdv2008.0.src.rpm
Mandriva Linux 2008.1:
3be98e3222f18f7ad77f52cae18a3f53 2008.1/i586/evolution-data-server-2.22.3-1.2mdv2008.1.i586.rpm
46835255c35dfdaf1143fd55449d81b7 2008.1/i586/libcamel11-2.22.3-1.2mdv2008.1.i586.rpm
a97c396fb8672423112ee79d6bc006da 2008.1/i586/libcamel-provider11-2.22.3-1.2mdv2008.1.i586.rpm
68bec1fe382f26707e631eb713225a49 2008.1/i586/libebook9-2.22.3-1.2mdv2008.1.i586.rpm
87c10b897330b34b3d07ef1b07cb4a9f 2008.1/i586/libecal7-2.22.3-1.2mdv2008.1.i586.rpm
fd3fba7ea5451dce1d0df1bd3fc60a16 2008.1/i586/libedata-book2-2.22.3-1.2mdv2008.1.i586.rpm
64ca4e53ca5f7f4b2691b843953058ae 2008.1/i586/libedata-cal6-2.22.3-1.2mdv2008.1.i586.rpm
7f76ed81e4c5437de49d197101aa7332 2008.1/i586/libedataserver9-2.22.3-1.2mdv2008.1.i586.rpm
7f95a2a8b876df47c0b7ad62e8753160 2008.1/i586/libedataserver-devel-2.22.3-1.2mdv2008.1.i586.rpm
0b1ed9835be5d7e57dd66b9140dd2268 2008.1/i586/libedataserverui8-2.22.3-1.2mdv2008.1.i586.rpm
bc8a216136da73264f106ebda24ccb5b 2008.1/i586/libegroupwise13-2.22.3-1.2mdv2008.1.i586.rpm
74ee765271a478ed654b75dee813256a 2008.1/i586/libexchange-storage3-2.22.3-1.2mdv2008.1.i586.rpm
633e1f092cf81c404c74bdcec4714703 2008.1/i586/libgdata1-2.22.3-1.2mdv2008.1.i586.rpm
49ea7ff50dfd16062fc0b67023849a54 2008.1/SRPMS/evolution-data-server-2.22.3-1.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
670373514981fcfd42704ff50bd981fa 2008.1/x86_64/evolution-data-server-2.22.3-1.2mdv2008.1.x86_64.rpm
e2560387c8b8934baf25b4b2b2de9e74 2008.1/x86_64/lib64camel11-2.22.3-1.2mdv2008.1.x86_64.rpm
fe118c0ea5cfe68d7097e620f57b1279 2008.1/x86_64/lib64camel-provider11-2.22.3-1.2mdv2008.1.x86_64.rpm
78585bbd328376b22f0c766a569647e7 2008.1/x86_64/lib64ebook9-2.22.3-1.2mdv2008.1.x86_64.rpm
f45dee9d1bd98f426a0cf284a01c9397 2008.1/x86_64/lib64ecal7-2.22.3-1.2mdv2008.1.x86_64.rpm
fcaad5ce1f9a45565b83f25c271601e5 2008.1/x86_64/lib64edata-book2-2.22.3-1.2mdv2008.1.x86_64.rpm
d29452a6255e90a6c021e4262dca8797 2008.1/x86_64/lib64edata-cal6-2.22.3-1.2mdv2008.1.x86_64.rpm
cb16a0e0c5a22c72d34b603122a81d24 2008.1/x86_64/lib64edataserver9-2.22.3-1.2mdv2008.1.x86_64.rpm
7f559ca0d7498fa7d70c4dab1f9cc8ae 2008.1/x86_64/lib64edataserver-devel-2.22.3-1.2mdv2008.1.x86_64.rpm
a48581b50953bb080a40bbcd5e4b422e 2008.1/x86_64/lib64edataserverui8-2.22.3-1.2mdv2008.1.x86_64.rpm
6ec96948b374a44491d6659083ba76bd 2008.1/x86_64/lib64egroupwise13-2.22.3-1.2mdv2008.1.x86_64.rpm
3fa45afb3abbd3c77e254fda0da424eb 2008.1/x86_64/lib64exchange-storage3-2.22.3-1.2mdv2008.1.x86_64.rpm
23f73c9a1405c768a49f62552c680cfa 2008.1/x86_64/lib64gdata1-2.22.3-1.2mdv2008.1.x86_64.rpm
49ea7ff50dfd16062fc0b67023849a54 2008.1/SRPMS/evolution-data-server-2.22.3-1.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
59ef53fa7d268e81f404ddc538c9ac26 2009.0/i586/evolution-data-server-2.24.2-2.2mdv2009.0.i586.rpm
3d84382377d27dad8d406d1d8a7d5eb2 2009.0/i586/libcamel14-2.24.2-2.2mdv2009.0.i586.rpm
c27b63a7c1a85ca33615f70055cadf71 2009.0/i586/libebackend0-2.24.2-2.2mdv2009.0.i586.rpm
455a545fac4d7bec31b844ddebb57e0a 2009.0/i586/libebook9-2.24.2-2.2mdv2009.0.i586.rpm
1c4907ff88489011e8ab31c7394cdbef 2009.0/i586/libecal7-2.24.2-2.2mdv2009.0.i586.rpm
d9984628bc49bfbebabc84ec1953d33c 2009.0/i586/libedata-book2-2.24.2-2.2mdv2009.0.i586.rpm
fe22354397f7bf8d7957b4b13607e539 2009.0/i586/libedata-cal6-2.24.2-2.2mdv2009.0.i586.rpm
3f005b703bde0898ee545e5a0bbfc8e6 2009.0/i586/libedataserver11-2.24.2-2.2mdv2009.0.i586.rpm
7ebda4f39cf70f8a1729079b13b21ac0 2009.0/i586/libedataserver-devel-2.24.2-2.2mdv2009.0.i586.rpm
aa13c35974f81f495e7ae6f4699750c7 2009.0/i586/libedataserverui8-2.24.2-2.2mdv2009.0.i586.rpm
c9f7f0d15f501431ae541592eb142705 2009.0/i586/libegroupwise13-2.24.2-2.2mdv2009.0.i586.rpm
02b8b6603c16920b11cb2aa26b4c8b6a 2009.0/i586/libexchange-storage3-2.24.2-2.2mdv2009.0.i586.rpm
d6724a2358dd27ef05b2a40678be46f7 2009.0/i586/libgdata1-2.24.2-2.2mdv2009.0.i586.rpm
ffce99dbbd074a3a744f2470ee6bfe5b 2009.0/SRPMS/evolution-data-server-2.24.2-2.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
5ea4be495d706643ea838b66854e28f5 2009.0/x86_64/evolution-data-server-2.24.2-2.2mdv2009.0.x86_64.rpm
1398c10b38aabb1100b4dad6dd2b1086 2009.0/x86_64/lib64camel14-2.24.2-2.2mdv2009.0.x86_64.rpm
6ba652147caa5dab986a5b763e346b4d 2009.0/x86_64/lib64ebackend0-2.24.2-2.2mdv2009.0.x86_64.rpm
bb6feb90ceb9b982ba99f374ecbcb2d2 2009.0/x86_64/lib64ebook9-2.24.2-2.2mdv2009.0.x86_64.rpm
0950c2b31de5c9ceb118912b6cd3faf0 2009.0/x86_64/lib64ecal7-2.24.2-2.2mdv2009.0.x86_64.rpm
cd2681c502d794e8a2c408582e24537c 2009.0/x86_64/lib64edata-book2-2.24.2-2.2mdv2009.0.x86_64.rpm
9a4993b5402eb99b9687a648279bd3d0 2009.0/x86_64/lib64edata-cal6-2.24.2-2.2mdv2009.0.x86_64.rpm
3ecbd64eb57e83aeb58992d231c5ac87 2009.0/x86_64/lib64edataserver11-2.24.2-2.2mdv2009.0.x86_64.rpm
d43c94570e8ad660ac2e62ee8760ea5b 2009.0/x86_64/lib64edataserver-devel-2.24.2-2.2mdv2009.0.x86_64.rpm
5d2a86d37af602f2ceaadf2c526d5261 2009.0/x86_64/lib64edataserverui8-2.24.2-2.2mdv2009.0.x86_64.rpm
dd3a5396088eac43c0044cb454baebc2 2009.0/x86_64/lib64egroupwise13-2.24.2-2.2mdv2009.0.x86_64.rpm
77f85ad7cb6a82fdc1bb602649d43775 2009.0/x86_64/lib64exchange-storage3-2.24.2-2.2mdv2009.0.x86_64.rpm
a341e5e2b653488c9853a20e037edcf8 2009.0/x86_64/lib64gdata1-2.24.2-2.2mdv2009.0.x86_64.rpm
ffce99dbbd074a3a744f2470ee6bfe5b 2009.0/SRPMS/evolution-data-server-2.24.2-2.2mdv2009.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJx5vemqjQ0CJFipgRAqAAAJ9Fw/DVMwRDkW7kTy4T8IQePfHVngCg0LPr
V8zfxQ/wOKJQXeyG95vtR8I=
=ZEsU
-----END PGP SIGNATURE-----