LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 19th, 2014
Linux Security Week: September 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Moderate: evolution-data-server security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated evolution-data-server package that fixes a security bug are now available for Red Hat Enterprise Linux 5.A flaw was found in the way evolution-data-server processed certain APOP authentication requests. By sending certain responses when evolution-data-server attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: evolution-data-server security update
Advisory ID:       RHSA-2007:0344-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0344.html
Issue date:        2007-05-30
Updated on:        2007-05-30
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1558 
- ---------------------------------------------------------------------

1. Summary:

Updated evolution-data-server package that fixes a security bug are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The evolution-data-server package provides a unified backend for programs
that work with contacts, tasks, and calendar information.

A flaw was found in the way evolution-data-server processed certain APOP
authentication requests. By sending certain responses when
evolution-data-server attempted to authenticate against an APOP server, a
remote attacker could potentially acquire certain portions of a user's
authentication credentials. (CVE-2007-1558)

All users of evolution-data-server should upgrade to these updated
packages, which contain a backported patch which resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

235289 - CVE-2007-1558 Evolution APOP information disclosure

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/evolution-data-server-1.8.0-15.0.3.el5.src.rpm
2dc38ea8fd12a3654ddf4bd36dd3f0c8  evolution-data-server-1.8.0-15.0.3.el5.src.rpm

i386:
12a37eee5ad4c2a982eebefd8b2d5686  evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
f763fab632e616cd201ca80e9f54010c  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm

x86_64:
12a37eee5ad4c2a982eebefd8b2d5686  evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
e9049a57a4a46768187c942d09ed18e1  evolution-data-server-1.8.0-15.0.3.el5.x86_64.rpm
f763fab632e616cd201ca80e9f54010c  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
7f6536db1f877c1b4f7c741fa0d39205  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/evolution-data-server-1.8.0-15.0.3.el5.src.rpm
2dc38ea8fd12a3654ddf4bd36dd3f0c8  evolution-data-server-1.8.0-15.0.3.el5.src.rpm

i386:
f763fab632e616cd201ca80e9f54010c  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
85d93f27c86928de6a3e861f3c9dc68c  evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm

x86_64:
f763fab632e616cd201ca80e9f54010c  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
7f6536db1f877c1b4f7c741fa0d39205  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.x86_64.rpm
85d93f27c86928de6a3e861f3c9dc68c  evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm
89bff966c9bec550c442038a2028135c  evolution-data-server-devel-1.8.0-15.0.3.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/evolution-data-server-1.8.0-15.0.3.el5.src.rpm
2dc38ea8fd12a3654ddf4bd36dd3f0c8  evolution-data-server-1.8.0-15.0.3.el5.src.rpm

i386:
12a37eee5ad4c2a982eebefd8b2d5686  evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
f763fab632e616cd201ca80e9f54010c  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
85d93f27c86928de6a3e861f3c9dc68c  evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm

ia64:
6ba76e70eb9826231d246797ab6b21c7  evolution-data-server-1.8.0-15.0.3.el5.ia64.rpm
da4300ef017ecd2c01853894b47b2e6b  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.ia64.rpm
2662f80f6af03a05e2d064b2ace99c24  evolution-data-server-devel-1.8.0-15.0.3.el5.ia64.rpm

ppc:
4539079a11bca9401812c12d59ceb6e1  evolution-data-server-1.8.0-15.0.3.el5.ppc.rpm
77b4f4f8897286bc0d10d51e32838572  evolution-data-server-1.8.0-15.0.3.el5.ppc64.rpm
4b37d2c9d8512fda671864484d550833  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.ppc.rpm
28cb1a7aad5d3be6adfe3e09009ddbb5  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.ppc64.rpm
179b33eab82f94e18069641ae5c252aa  evolution-data-server-devel-1.8.0-15.0.3.el5.ppc.rpm
54367c5a72247c9acc6663e164fe8839  evolution-data-server-devel-1.8.0-15.0.3.el5.ppc64.rpm

s390x:
e845ec48cdc8df471d5d114a93e21344  evolution-data-server-1.8.0-15.0.3.el5.s390.rpm
c0c440eb4ed5dd2d930434a3a92a8461  evolution-data-server-1.8.0-15.0.3.el5.s390x.rpm
1c4626a99ac75f4b68598e1c2c324b6a  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.s390.rpm
e47ff2ee3fc82654354792db8cd458b1  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.s390x.rpm
8d834b7fe2e3c55da02516402f5b5970  evolution-data-server-devel-1.8.0-15.0.3.el5.s390.rpm
88b102e274ed7c5eac65147b3922b567  evolution-data-server-devel-1.8.0-15.0.3.el5.s390x.rpm

x86_64:
12a37eee5ad4c2a982eebefd8b2d5686  evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
e9049a57a4a46768187c942d09ed18e1  evolution-data-server-1.8.0-15.0.3.el5.x86_64.rpm
f763fab632e616cd201ca80e9f54010c  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
7f6536db1f877c1b4f7c741fa0d39205  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.x86_64.rpm
85d93f27c86928de6a3e861f3c9dc68c  evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm
89bff966c9bec550c442038a2028135c  evolution-data-server-devel-1.8.0-15.0.3.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google to turn on encryption by default in next Android version
TOR users become FBI's No.1 hacking target after legal power grab
OWASP Releases Latest App Sec Guide
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.