Message-Id: <E1Llo56-0006FM-UU@titan.mandriva.com>
Date: Mon, 23 Mar 2009 18:37:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:078 ] evolution-data-server


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:078
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : evolution-data-server
 Date    : March 23, 2009
 Affected: 2008.0, 2008.1, 2009.0
 _______________________________________________________________________

 Problem Description:

 Incorrect handling of signed Secure/Multipurpose Internet Mail
 Extensions (S/MIME) e-mail messages enables attackers to spoof their
 signatures by modifying the latter copy (CVE-2009-0547).
 
 Crafted authentication challenge packets (NT LAN Manager type 2) sent
 by a malicious remote mail server enable remote attackers either
 to cause a denial of service or to read information from the process
 memory of the client (CVE-2009-0582).
 
 Multiple integer overflows in Base64 encoding functions enable
 attackers either to cause a denial of service or to execute arbitrary
 code (CVE-2009-0587).
 
 This update provides fixes for those vulnerabilities.

 Update:

 evolution-data-server packages from Mandriva Linux distributions
 2008.1 and 2009.0 are not affected by CVE-2009-0587.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0547
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0582
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0587
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJx5vemqjQ0CJFipgRAqAAAJ9Fw/DVMwRDkW7kTy4T8IQePfHVngCg0LPr
V8zfxQ/wOKJQXeyG95vtR8I=
=ZEsU
-----END PGP SIGNATURE-----
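
The bug class behind CVE-2009-0587 (integer overflow when sizing a Base64 output buffer), shown as an added example that is not part of the advisory and is not evolution-data-server code. The function names `b64_size_unchecked`, `b64_size_checked` and `b64_encode` are hypothetical; the unchecked formula is one common way such a wrap arises, placed beside a sizing routine that rejects lengths whose encoded size does not fit in `size_t`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked sizing: in_len * 4 wraps once in_len > SIZE_MAX / 4, so the
 * result can be a few bytes for an input that is gigabytes long. */
size_t b64_size_unchecked(size_t in_len)
{
    return in_len * 4 / 3 + 4;
}

/* Checked sizing (hypothetical helper): bytes for the padded output plus NUL.
 * Returns 0 on success, -1 if the size does not fit in size_t. */
int b64_size_checked(size_t in_len, size_t *need)
{
    size_t groups = in_len / 3 + (in_len % 3 != 0); /* ceil without in_len + 2 */
    if (groups > (SIZE_MAX - 1) / 4)
        return -1;
    *need = groups * 4 + 1;
    return 0;
}

/* Encoder that refuses to allocate when the size computation would wrap. */
char *b64_encode(const unsigned char *in, size_t in_len)
{
    static const char t[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t need, i, o = 0, rem;
    char *out;
    if (b64_size_checked(in_len, &need) != 0 || (out = malloc(need)) == NULL)
        return NULL;
    for (i = 0; in_len - i >= 3; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16 | (uint32_t)in[i + 1] << 8 | in[i + 2];
        out[o++] = t[v >> 18];
        out[o++] = t[(v >> 12) & 63];
        out[o++] = t[(v >> 6) & 63];
        out[o++] = t[v & 63];
    }
    rem = in_len - i;
    if (rem) { /* 1 or 2 trailing bytes: emit a padded final group */
        uint32_t v = (uint32_t)in[i] << 16 | (rem == 2 ? (uint32_t)in[i + 1] << 8 : 0);
        out[o++] = t[v >> 18];
        out[o++] = t[(v >> 12) & 63];
        out[o++] = rem == 2 ? t[(v >> 6) & 63] : '=';
        out[o++] = '=';
    }
    out[o] = '\0';
    return out;
}
```

The caller owns the returned string and frees it; a `NULL` return covers both allocation failure and an input length that cannot be encoded safely.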
