LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Moderate: evolution security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated evolution packages that fix a security bug are now available for Red Hat Enterprise Linux 3 and 4. A flaw was found in the way Evolution processed certain APOP authentication requests. A remote attacker could potentially acquire certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: evolution security update
Advisory ID:       RHSA-2007:0353-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0353.html
Issue date:        2007-05-17
Updated on:        2007-05-17
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1558 
- ---------------------------------------------------------------------

1. Summary:

Updated evolution packages that fix a security bug are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Evolution is the GNOME collection of personal information management (PIM)
tools.

A flaw was found in the way Evolution processed certain APOP authentication
requests. A remote attacker could potentially acquire certain portions of a
user's authentication credentials by sending certain responses when
evolution-data-server attempted to authenticate against an APOP server.
(CVE-2007-1558)

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

238565 - CVE-2007-1558 Evolution APOP information disclosure

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/evolution-1.4.5-20.el3.src.rpm
c405dc2c24a9e0bf5431126309328bf3  evolution-1.4.5-20.el3.src.rpm

i386:
65f97ba5cbbb4805a18ef60524625f99  evolution-1.4.5-20.el3.i386.rpm
b035cf74b18e9f1a75caa15913a3d195  evolution-debuginfo-1.4.5-20.el3.i386.rpm
934b6df84d7786ddcf294a0b625f8a3c  evolution-devel-1.4.5-20.el3.i386.rpm

ia64:
ed2bc1dfbec3cdce3c9776df9e5facdd  evolution-1.4.5-20.el3.ia64.rpm
e37fca949fbbbdf3d518c050cb36ce15  evolution-debuginfo-1.4.5-20.el3.ia64.rpm
781a27c5afa057b27e8d0d241559750d  evolution-devel-1.4.5-20.el3.ia64.rpm

ppc:
3ee9a25add5a42bf89e93a63ac3d91ef  evolution-1.4.5-20.el3.ppc.rpm
7587d60586a60cb60afe27a07c436ad9  evolution-debuginfo-1.4.5-20.el3.ppc.rpm
a17552a71ca70e285a129fc6c9e42d91  evolution-devel-1.4.5-20.el3.ppc.rpm

s390:
a95aab39409afe560a9d01d867d2a658  evolution-1.4.5-20.el3.s390.rpm
bf061e59d63b1a725dafd0e3626a006a  evolution-debuginfo-1.4.5-20.el3.s390.rpm
8cc741d3a5dfd223c085cd95dc16c8b6  evolution-devel-1.4.5-20.el3.s390.rpm

s390x:
85cc84a449a757874ce6f2c8a4b638cb  evolution-1.4.5-20.el3.s390x.rpm
91a0deb5ca3fbbd7c8738a9f4d1fc3cf  evolution-debuginfo-1.4.5-20.el3.s390x.rpm
a5d24149a144f570540506ed060f3d02  evolution-devel-1.4.5-20.el3.s390x.rpm

x86_64:
da6fac84abbbf5c53a05a282be38fd13  evolution-1.4.5-20.el3.x86_64.rpm
58597e62de16b99ba95504bf12c31005  evolution-debuginfo-1.4.5-20.el3.x86_64.rpm
c94bf9dd40ee27d9908c101a8f40e2b7  evolution-devel-1.4.5-20.el3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/evolution-1.4.5-20.el3.src.rpm
c405dc2c24a9e0bf5431126309328bf3  evolution-1.4.5-20.el3.src.rpm

i386:
65f97ba5cbbb4805a18ef60524625f99  evolution-1.4.5-20.el3.i386.rpm
b035cf74b18e9f1a75caa15913a3d195  evolution-debuginfo-1.4.5-20.el3.i386.rpm
934b6df84d7786ddcf294a0b625f8a3c  evolution-devel-1.4.5-20.el3.i386.rpm

x86_64:
da6fac84abbbf5c53a05a282be38fd13  evolution-1.4.5-20.el3.x86_64.rpm
58597e62de16b99ba95504bf12c31005  evolution-debuginfo-1.4.5-20.el3.x86_64.rpm
c94bf9dd40ee27d9908c101a8f40e2b7  evolution-devel-1.4.5-20.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/evolution-1.4.5-20.el3.src.rpm
c405dc2c24a9e0bf5431126309328bf3  evolution-1.4.5-20.el3.src.rpm

i386:
65f97ba5cbbb4805a18ef60524625f99  evolution-1.4.5-20.el3.i386.rpm
b035cf74b18e9f1a75caa15913a3d195  evolution-debuginfo-1.4.5-20.el3.i386.rpm
934b6df84d7786ddcf294a0b625f8a3c  evolution-devel-1.4.5-20.el3.i386.rpm

ia64:
ed2bc1dfbec3cdce3c9776df9e5facdd  evolution-1.4.5-20.el3.ia64.rpm
e37fca949fbbbdf3d518c050cb36ce15  evolution-debuginfo-1.4.5-20.el3.ia64.rpm
781a27c5afa057b27e8d0d241559750d  evolution-devel-1.4.5-20.el3.ia64.rpm

x86_64:
da6fac84abbbf5c53a05a282be38fd13  evolution-1.4.5-20.el3.x86_64.rpm
58597e62de16b99ba95504bf12c31005  evolution-debuginfo-1.4.5-20.el3.x86_64.rpm
c94bf9dd40ee27d9908c101a8f40e2b7  evolution-devel-1.4.5-20.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/evolution-1.4.5-20.el3.src.rpm
c405dc2c24a9e0bf5431126309328bf3  evolution-1.4.5-20.el3.src.rpm

i386:
65f97ba5cbbb4805a18ef60524625f99  evolution-1.4.5-20.el3.i386.rpm
b035cf74b18e9f1a75caa15913a3d195  evolution-debuginfo-1.4.5-20.el3.i386.rpm
934b6df84d7786ddcf294a0b625f8a3c  evolution-devel-1.4.5-20.el3.i386.rpm

ia64:
ed2bc1dfbec3cdce3c9776df9e5facdd  evolution-1.4.5-20.el3.ia64.rpm
e37fca949fbbbdf3d518c050cb36ce15  evolution-debuginfo-1.4.5-20.el3.ia64.rpm
781a27c5afa057b27e8d0d241559750d  evolution-devel-1.4.5-20.el3.ia64.rpm

x86_64:
da6fac84abbbf5c53a05a282be38fd13  evolution-1.4.5-20.el3.x86_64.rpm
58597e62de16b99ba95504bf12c31005  evolution-debuginfo-1.4.5-20.el3.x86_64.rpm
c94bf9dd40ee27d9908c101a8f40e2b7  evolution-devel-1.4.5-20.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/evolution-2.0.2-35.0.2.el4.src.rpm
886e06ef0416e5e8fb62685bd5806a42  evolution-2.0.2-35.0.2.el4.src.rpm

i386:
21d0744d5f41d3db79cede4e81902f7b  evolution-2.0.2-35.0.2.el4.i386.rpm
8750a5a86fa6996a90775786cf3a5809  evolution-debuginfo-2.0.2-35.0.2.el4.i386.rpm
839cdc24730b44a3b20b1a3c0c8f8acb  evolution-devel-2.0.2-35.0.2.el4.i386.rpm

ia64:
7c312e82153ef608c32a644ad65b3e70  evolution-2.0.2-35.0.2.el4.ia64.rpm
5c3cdd4d3f40e5e65b28bd3f403b356f  evolution-debuginfo-2.0.2-35.0.2.el4.ia64.rpm
f949e742c14f93535810aa8bb6b695c0  evolution-devel-2.0.2-35.0.2.el4.ia64.rpm

ppc:
41279cc52d1f8bf006137019bdeec115  evolution-2.0.2-35.0.2.el4.ppc.rpm
bf3972bed4b6ebb695012d1e80942df3  evolution-debuginfo-2.0.2-35.0.2.el4.ppc.rpm
0fa38e81f331db0f6d22f62167714413  evolution-devel-2.0.2-35.0.2.el4.ppc.rpm

s390:
93fad9c3c62573cf366bcda9805b9c8d  evolution-2.0.2-35.0.2.el4.s390.rpm
1533b1f9e19170581d4aa41646c02178  evolution-debuginfo-2.0.2-35.0.2.el4.s390.rpm
7905d268cfbbca40893cb1480c130b81  evolution-devel-2.0.2-35.0.2.el4.s390.rpm

s390x:
4df2d5c1eeeadbd21a2ffdd69f66f91c  evolution-2.0.2-35.0.2.el4.s390x.rpm
90e17288a99cb57b52261f5b3c80f950  evolution-debuginfo-2.0.2-35.0.2.el4.s390x.rpm
abb56c486d2112fce800d612263586e0  evolution-devel-2.0.2-35.0.2.el4.s390x.rpm

x86_64:
7c99cb70e572c955ccadc425fe9aaeaa  evolution-2.0.2-35.0.2.el4.x86_64.rpm
489e052420bf3fc3538404fb9f1a9b1f  evolution-debuginfo-2.0.2-35.0.2.el4.x86_64.rpm
4ee7bf955381cef106d0ff4ecc6ae482  evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/evolution-2.0.2-35.0.2.el4.src.rpm
886e06ef0416e5e8fb62685bd5806a42  evolution-2.0.2-35.0.2.el4.src.rpm

i386:
21d0744d5f41d3db79cede4e81902f7b  evolution-2.0.2-35.0.2.el4.i386.rpm
8750a5a86fa6996a90775786cf3a5809  evolution-debuginfo-2.0.2-35.0.2.el4.i386.rpm
839cdc24730b44a3b20b1a3c0c8f8acb  evolution-devel-2.0.2-35.0.2.el4.i386.rpm

x86_64:
7c99cb70e572c955ccadc425fe9aaeaa  evolution-2.0.2-35.0.2.el4.x86_64.rpm
489e052420bf3fc3538404fb9f1a9b1f  evolution-debuginfo-2.0.2-35.0.2.el4.x86_64.rpm
4ee7bf955381cef106d0ff4ecc6ae482  evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/evolution-2.0.2-35.0.2.el4.src.rpm
886e06ef0416e5e8fb62685bd5806a42  evolution-2.0.2-35.0.2.el4.src.rpm

i386:
21d0744d5f41d3db79cede4e81902f7b  evolution-2.0.2-35.0.2.el4.i386.rpm
8750a5a86fa6996a90775786cf3a5809  evolution-debuginfo-2.0.2-35.0.2.el4.i386.rpm
839cdc24730b44a3b20b1a3c0c8f8acb  evolution-devel-2.0.2-35.0.2.el4.i386.rpm

ia64:
7c312e82153ef608c32a644ad65b3e70  evolution-2.0.2-35.0.2.el4.ia64.rpm
5c3cdd4d3f40e5e65b28bd3f403b356f  evolution-debuginfo-2.0.2-35.0.2.el4.ia64.rpm
f949e742c14f93535810aa8bb6b695c0  evolution-devel-2.0.2-35.0.2.el4.ia64.rpm

x86_64:
7c99cb70e572c955ccadc425fe9aaeaa  evolution-2.0.2-35.0.2.el4.x86_64.rpm
489e052420bf3fc3538404fb9f1a9b1f  evolution-debuginfo-2.0.2-35.0.2.el4.x86_64.rpm
4ee7bf955381cef106d0ff4ecc6ae482  evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/evolution-2.0.2-35.0.2.el4.src.rpm
886e06ef0416e5e8fb62685bd5806a42  evolution-2.0.2-35.0.2.el4.src.rpm

i386:
21d0744d5f41d3db79cede4e81902f7b  evolution-2.0.2-35.0.2.el4.i386.rpm
8750a5a86fa6996a90775786cf3a5809  evolution-debuginfo-2.0.2-35.0.2.el4.i386.rpm
839cdc24730b44a3b20b1a3c0c8f8acb  evolution-devel-2.0.2-35.0.2.el4.i386.rpm

ia64:
7c312e82153ef608c32a644ad65b3e70  evolution-2.0.2-35.0.2.el4.ia64.rpm
5c3cdd4d3f40e5e65b28bd3f403b356f  evolution-debuginfo-2.0.2-35.0.2.el4.ia64.rpm
f949e742c14f93535810aa8bb6b695c0  evolution-devel-2.0.2-35.0.2.el4.ia64.rpm

x86_64:
7c99cb70e572c955ccadc425fe9aaeaa  evolution-2.0.2-35.0.2.el4.x86_64.rpm
489e052420bf3fc3538404fb9f1a9b1f  evolution-debuginfo-2.0.2-35.0.2.el4.x86_64.rpm
4ee7bf955381cef106d0ff4ecc6ae482  evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.