Home / mailings [RHSA-2007:0353-01] Moderate: evolution security update
Posted on 17 May 2007
RedHat-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: evolution security update
Advisory ID: RHSA-2007:0353-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0353.html
Issue date: 2007-05-17
Updated on: 2007-05-17
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1558
- ---------------------------------------------------------------------
1. Summary:
Updated evolution packages that fix a security bug are now available for
Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Evolution is the GNOME collection of personal information management (PIM)
tools.
A flaw was found in the way Evolution processed certain APOP authentication
requests. A remote attacker could potentially acquire certain portions of a
user's authentication credentials by sending certain responses when
evolution-data-server attempted to authenticate against an APOP server.
(CVE-2007-1558)
All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
238565 - CVE-2007-1558 Evolution APOP information disclosure
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/evolution-1.4.5-20.el3.src.rpm
c405dc2c24a9e0bf5431126309328bf3 evolution-1.4.5-20.el3.src.rpm
i386:
65f97ba5cbbb4805a18ef60524625f99 evolution-1.4.5-20.el3.i386.rpm
b035cf74b18e9f1a75caa15913a3d195 evolution-debuginfo-1.4.5-20.el3.i386.rpm
934b6df84d7786ddcf294a0b625f8a3c evolution-devel-1.4.5-20.el3.i386.rpm
ia64:
ed2bc1dfbec3cdce3c9776df9e5facdd evolution-1.4.5-20.el3.ia64.rpm
e37fca949fbbbdf3d518c050cb36ce15 evolution-debuginfo-1.4.5-20.el3.ia64.rpm
781a27c5afa057b27e8d0d241559750d evolution-devel-1.4.5-20.el3.ia64.rpm
ppc:
3ee9a25add5a42bf89e93a63ac3d91ef evolution-1.4.5-20.el3.ppc.rpm
7587d60586a60cb60afe27a07c436ad9 evolution-debuginfo-1.4.5-20.el3.ppc.rpm
a17552a71ca70e285a129fc6c9e42d91 evolution-devel-1.4.5-20.el3.ppc.rpm
s390:
a95aab39409afe560a9d01d867d2a658 evolution-1.4.5-20.el3.s390.rpm
bf061e59d63b1a725dafd0e3626a006a evolution-debuginfo-1.4.5-20.el3.s390.rpm
8cc741d3a5dfd223c085cd95dc16c8b6 evolution-devel-1.4.5-20.el3.s390.rpm
s390x:
85cc84a449a757874ce6f2c8a4b638cb evolution-1.4.5-20.el3.s390x.rpm
91a0deb5ca3fbbd7c8738a9f4d1fc3cf evolution-debuginfo-1.4.5-20.el3.s390x.rpm
a5d24149a144f570540506ed060f3d02 evolution-devel-1.4.5-20.el3.s390x.rpm
x86_64:
da6fac84abbbf5c53a05a282be38fd13 evolution-1.4.5-20.el3.x86_64.rpm
58597e62de16b99ba95504bf12c31005 evolution-debuginfo-1.4.5-20.el3.x86_64.rpm
c94bf9dd40ee27d9908c101a8f40e2b7 evolution-devel-1.4.5-20.el3.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/evolution-1.4.5-20.el3.src.rpm
c405dc2c24a9e0bf5431126309328bf3 evolution-1.4.5-20.el3.src.rpm
i386:
65f97ba5cbbb4805a18ef60524625f99 evolution-1.4.5-20.el3.i386.rpm
b035cf74b18e9f1a75caa15913a3d195 evolution-debuginfo-1.4.5-20.el3.i386.rpm
934b6df84d7786ddcf294a0b625f8a3c evolution-devel-1.4.5-20.el3.i386.rpm
x86_64:
da6fac84abbbf5c53a05a282be38fd13 evolution-1.4.5-20.el3.x86_64.rpm
58597e62de16b99ba95504bf12c31005 evolution-debuginfo-1.4.5-20.el3.x86_64.rpm
c94bf9dd40ee27d9908c101a8f40e2b7 evolution-devel-1.4.5-20.el3.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/evolution-1.4.5-20.el3.src.rpm
c405dc2c24a9e0bf5431126309328bf3 evolution-1.4.5-20.el3.src.rpm
i386:
65f97ba5cbbb4805a18ef60524625f99 evolution-1.4.5-20.el3.i386.rpm
b035cf74b18e9f1a75caa15913a3d195 evolution-debuginfo-1.4.5-20.el3.i386.rpm
934b6df84d7786ddcf294a0b625f8a3c evolution-devel-1.4.5-20.el3.i386.rpm
ia64:
ed2bc1dfbec3cdce3c9776df9e5facdd evolution-1.4.5-20.el3.ia64.rpm
e37fca949fbbbdf3d518c050cb36ce15 evolution-debuginfo-1.4.5-20.el3.ia64.rpm
781a27c5afa057b27e8d0d241559750d evolution-devel-1.4.5-20.el3.ia64.rpm
x86_64:
da6fac84abbbf5c53a05a282be38fd13 evolution-1.4.5-20.el3.x86_64.rpm
58597e62de16b99ba95504bf12c31005 evolution-debuginfo-1.4.5-20.el3.x86_64.rpm
c94bf9dd40ee27d9908c101a8f40e2b7 evolution-devel-1.4.5-20.el3.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/evolution-1.4.5-20.el3.src.rpm
c405dc2c24a9e0bf5431126309328bf3 evolution-1.4.5-20.el3.src.rpm
i386:
65f97ba5cbbb4805a18ef60524625f99 evolution-1.4.5-20.el3.i386.rpm
b035cf74b18e9f1a75caa15913a3d195 evolution-debuginfo-1.4.5-20.el3.i386.rpm
934b6df84d7786ddcf294a0b625f8a3c evolution-devel-1.4.5-20.el3.i386.rpm
ia64:
ed2bc1dfbec3cdce3c9776df9e5facdd evolution-1.4.5-20.el3.ia64.rpm
e37fca949fbbbdf3d518c050cb36ce15 evolution-debuginfo-1.4.5-20.el3.ia64.rpm
781a27c5afa057b27e8d0d241559750d evolution-devel-1.4.5-20.el3.ia64.rpm
x86_64:
da6fac84abbbf5c53a05a282be38fd13 evolution-1.4.5-20.el3.x86_64.rpm
58597e62de16b99ba95504bf12c31005 evolution-debuginfo-1.4.5-20.el3.x86_64.rpm
c94bf9dd40ee27d9908c101a8f40e2b7 evolution-devel-1.4.5-20.el3.x86_64.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/evolution-2.0.2-35.0.2.el4.src.rpm
886e06ef0416e5e8fb62685bd5806a42 evolution-2.0.2-35.0.2.el4.src.rpm
i386:
21d0744d5f41d3db79cede4e81902f7b evolution-2.0.2-35.0.2.el4.i386.rpm
8750a5a86fa6996a90775786cf3a5809 evolution-debuginfo-2.0.2-35.0.2.el4.i386.rpm
839cdc24730b44a3b20b1a3c0c8f8acb evolution-devel-2.0.2-35.0.2.el4.i386.rpm
ia64:
7c312e82153ef608c32a644ad65b3e70 evolution-2.0.2-35.0.2.el4.ia64.rpm
5c3cdd4d3f40e5e65b28bd3f403b356f evolution-debuginfo-2.0.2-35.0.2.el4.ia64.rpm
f949e742c14f93535810aa8bb6b695c0 evolution-devel-2.0.2-35.0.2.el4.ia64.rpm
ppc:
41279cc52d1f8bf006137019bdeec115 evolution-2.0.2-35.0.2.el4.ppc.rpm
bf3972bed4b6ebb695012d1e80942df3 evolution-debuginfo-2.0.2-35.0.2.el4.ppc.rpm
0fa38e81f331db0f6d22f62167714413 evolution-devel-2.0.2-35.0.2.el4.ppc.rpm
s390:
93fad9c3c62573cf366bcda9805b9c8d evolution-2.0.2-35.0.2.el4.s390.rpm
1533b1f9e19170581d4aa41646c02178 evolution-debuginfo-2.0.2-35.0.2.el4.s390.rpm
7905d268cfbbca40893cb1480c130b81 evolution-devel-2.0.2-35.0.2.el4.s390.rpm
s390x:
4df2d5c1eeeadbd21a2ffdd69f66f91c evolution-2.0.2-35.0.2.el4.s390x.rpm
90e17288a99cb57b52261f5b3c80f950 evolution-debuginfo-2.0.2-35.0.2.el4.s390x.rpm
abb56c486d2112fce800d612263586e0 evolution-devel-2.0.2-35.0.2.el4.s390x.rpm
x86_64:
7c99cb70e572c955ccadc425fe9aaeaa evolution-2.0.2-35.0.2.el4.x86_64.rpm
489e052420bf3fc3538404fb9f1a9b1f evolution-debuginfo-2.0.2-35.0.2.el4.x86_64.rpm
4ee7bf955381cef106d0ff4ecc6ae482 evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/evolution-2.0.2-35.0.2.el4.src.rpm
886e06ef0416e5e8fb62685bd5806a42 evolution-2.0.2-35.0.2.el4.src.rpm
i386:
21d0744d5f41d3db79cede4e81902f7b evolution-2.0.2-35.0.2.el4.i386.rpm
8750a5a86fa6996a90775786cf3a5809 evolution-debuginfo-2.0.2-35.0.2.el4.i386.rpm
839cdc24730b44a3b20b1a3c0c8f8acb evolution-devel-2.0.2-35.0.2.el4.i386.rpm
x86_64:
7c99cb70e572c955ccadc425fe9aaeaa evolution-2.0.2-35.0.2.el4.x86_64.rpm
489e052420bf3fc3538404fb9f1a9b1f evolution-debuginfo-2.0.2-35.0.2.el4.x86_64.rpm
4ee7bf955381cef106d0ff4ecc6ae482 evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/evolution-2.0.2-35.0.2.el4.src.rpm
886e06ef0416e5e8fb62685bd5806a42 evolution-2.0.2-35.0.2.el4.src.rpm
i386:
21d0744d5f41d3db79cede4e81902f7b evolution-2.0.2-35.0.2.el4.i386.rpm
8750a5a86fa6996a90775786cf3a5809 evolution-debuginfo-2.0.2-35.0.2.el4.i386.rpm
839cdc24730b44a3b20b1a3c0c8f8acb evolution-devel-2.0.2-35.0.2.el4.i386.rpm
ia64:
7c312e82153ef608c32a644ad65b3e70 evolution-2.0.2-35.0.2.el4.ia64.rpm
5c3cdd4d3f40e5e65b28bd3f403b356f evolution-debuginfo-2.0.2-35.0.2.el4.ia64.rpm
f949e742c14f93535810aa8bb6b695c0 evolution-devel-2.0.2-35.0.2.el4.ia64.rpm
x86_64:
7c99cb70e572c955ccadc425fe9aaeaa evolution-2.0.2-35.0.2.el4.x86_64.rpm
489e052420bf3fc3538404fb9f1a9b1f evolution-debuginfo-2.0.2-35.0.2.el4.x86_64.rpm
4ee7bf955381cef106d0ff4ecc6ae482 evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/evolution-2.0.2-35.0.2.el4.src.rpm
886e06ef0416e5e8fb62685bd5806a42 evolution-2.0.2-35.0.2.el4.src.rpm
i386:
21d0744d5f41d3db79cede4e81902f7b evolution-2.0.2-35.0.2.el4.i386.rpm
8750a5a86fa6996a90775786cf3a5809 evolution-debuginfo-2.0.2-35.0.2.el4.i386.rpm
839cdc24730b44a3b20b1a3c0c8f8acb evolution-devel-2.0.2-35.0.2.el4.i386.rpm
ia64:
7c312e82153ef608c32a644ad65b3e70 evolution-2.0.2-35.0.2.el4.ia64.rpm
5c3cdd4d3f40e5e65b28bd3f403b356f evolution-debuginfo-2.0.2-35.0.2.el4.ia64.rpm
f949e742c14f93535810aa8bb6b695c0 evolution-devel-2.0.2-35.0.2.el4.ia64.rpm
x86_64:
7c99cb70e572c955ccadc425fe9aaeaa evolution-2.0.2-35.0.2.el4.x86_64.rpm
489e052420bf3fc3538404fb9f1a9b1f evolution-debuginfo-2.0.2-35.0.2.el4.x86_64.rpm
4ee7bf955381cef106d0ff4ecc6ae482 evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.