Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Denial of Service in Zarafa
Aktuelle Meldungen Distributionen
Name: Denial of Service in Zarafa
ID: FEDORA-2015-5864
Distribution: Fedora
Plattformen: Fedora 20
Datum: Mo, 27. April 2015, 11:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9465

Originalnachricht

Name        : zarafa
Product : Fedora 20
Version : 7.1.12
Release : 1.fc20
URL : http://www.zarafa.com/
Summary : Open Source Edition of the Zarafa Collaboration Platform
Description :
The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The
Open Source Collaboration provides an integration with your existing Linux
mail server, native mobile phone support by ActiveSync compatibility and a
webaccess with 'Look & Feel' similar to Outlook using Ajax.
Including an
IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open
Source Collaboration can combine the usability with the stability and the
flexibility of a Linux server.

The proven Zarafa groupware solution is using MAPI objects, provides a MAPI
client library as well as programming interfaces for C++, PHP and Python.
The other Zarafa related packages need to be installed to gain all features
and benefits of the Zarafa Collaboration Platform (ZCP).

-------------------------------------------------------------------------------
-
Update Information:

Zarafa Collaboration Platform 7.1.12 final [48726]
==================================================

* ZCP-10149: Include Documentation hint for usage of NFS and -o nolock
option
* ZCP-10233: Zarafa-mr-accept script complains in certain cases about php
timezone functions
* ZCP-10578: missing prerequisites for the reverse proxy in the administrator
manual
* ZCP-10639: Incorrect message when trying to add an archive
* ZCP-10919: a remote admin in multi tenant mode cannot resolve users
* ZCP-11061: Bandwidth requirement documentation
* ZCP-11413: Monitor complains on unused config options.
* ZCP-11418: Compat features do not work with outlook 2010 and windows 8
* ZCP-11468: Document for a user who wants to use webapp, but is experiencing
problems by using an unsupported browser, an easier area to locate the list of supported browsers
* ZCP-11664: Remove "you" wording from the WebApp User Manual
* ZCP-11713: Japanese e-mail breaks the body text
* ZCP-11744: zarafa-restore error in documentation
* ZCP-11786: zarafa-ws is trying to put files in /usr/share/doc/zarafa
* ZCP-11869: Documentation is not clear about Multitenant Public Folder
attribute
* ZCP-11929: differences between "Managing tenant (company) spaces"
and zarafa-admin
* ZCP-11931: Outlook Client: synchronisation of an offline profile makes
zarafa-server unresponsive
* ZCP-11937: Setting out of office for the first time sets language to
Catalan
* ZCP-11949: Update documentation to stress that one server must have one
database.
* ZCP-12081: AB Provider UID is defined multiple times and may cause the
server to read invalid memory
* ZCP-12110: Segfault zarafa-server 7.1.8 R1
* ZCP-12257: include location of the ads plugin in the manual
* ZCP-12371: Add additional LDAP logging when using extended log level
* ZCP-12409: zarafa-search crashes with ssl
* ZCP-12424: Dagent in LMTP mode violates RFC5321
* ZCP-12461: ECDatabaseMySQL defined twice
* ZCP-12488: storing attachments in files on disk is not optimal implemented
* ZCP-12491: Last date of a serial MR is ignored
* ZCP-12492: Private mails sent from Exchange are not marked private.
* ZCP-12501: Component documentation
* ZCP-12534: Sending a mail to a group: The receivers do not see the group
correctly.
* ZCP-12549: remove mail subject from spooler.log
* ZCP-12550: Zarafa-hidden does not work for cached outlook in ZCP 7.1.10
* ZCP-12566: gsoap code gets our license attached in community distribution
of zcp
* ZCP-12568: ldap_uri slows down webapp and server after switching the
LDAP-Server
* ZCP-12574: meeting request copy to delegate - german umlauts broken
* ZCP-12592: Update unsecure swfupload.swf
* ZCP-12596: senddocument.php allows unauthorized upload of files
* ZCP-12597: OL2013 15.0.4641.1001 shows private appointments
* ZCP-12600: Sync seems to fail for larger objects
* ZCP-12608: Compatibility package does not install correctly with OEM
version of Outlook 2013 in every case
* ZCP-12611: Cannot move appointment to different calendar
* ZCP-12618: Move temporary patch definitions file to systemwide central
location
* ZCP-12629: zarafa-server binary does not check for existence of sockets and
pids when started manually
* ZCP-12657: Optimization of dagent incoming e-mail processing
* ZCP-12660: Change runlevel of zarafa-licensed to start before
zarafa-server
* ZCP-12671: Add new OL2013 version 15.0.4659.1000 client to compatibility
component
* ZCP-12676: IMAP Failed to read line: Interrupted system call
* ZCP-12692: Stores should not be orphaned when user_safe_mode is active,
even if they are back when correcting backend
* ZCP-12696: SMTP RFC store violation
* ZCP-12698: compile fail with recent g++ (4.9)
* ZCP-12716: mails send with x-mailer "CDO for windows 2000" loses
attachments.
* ZCP-12720: SMTP RFC store violation
* ZCP-12754: Document that its a bad idea to switch the connection type
inside a profile
* ZCP-12755: Add new OL2013 version 15.0.4667.1000 client to compatibility
component
* ZCP-12762: remove userquota_soft_template & userquota_hard_template
from documentation
* ZCP-12766: zarafa-mailbox-permissions doesn't remove rules for
--remove-all-permissions
* ZCP-12788: Updating the name of a non-active user will change it to a
active user
* ZCP-12790: Message with attachments converted from uuencoded to attachments
with uudecode.py
* ZCP-12791: zarafa-server crashing due to ldap.cfg error
* ZCP-12801: Attachments aren't written into the database
* ZCP-12824: zarafa server still logs indexer instead of search.
* ZCP-12845: storing attachments in files on disk is not optimal implemented
* ZCP-12847: Change changelog author for debian/rhel packages
* ZCP-12850: ECDatabaseMySQL defined twice
* ZCP-12851: zarafa-gateway: NOOP returns with wrong return code
* ZCP-12852: Reading an encypted or signed email will change the receive date
of the email to server time
* ZCP-12865: zarafa-gateway.cfg man page missing description of
imap_max_fail_commands.
* ZCP-12877: meeting request copy to delegate - german umlauts broken
* ZCP-12889: Segfault zarafa-server 7.1.8 R1
* ZCP-12892: Last date of a serial MR is ignored
* ZCP-12898: zarafa-webaccess no login after update to 7.1.10 on Ubuntu
10.04
* ZCP-12901: mails send with x-mailer "CDO for windows 2000" loses
attachments.
* ZCP-12908: zarafa-server crashing due to ldap.cfg error
* ZCP-12910: Monitor complains on unused config options.
* ZCP-12914: Add comment in monitor.cfg for companyquota_warning_template
* ZCP-12918: zarafa spooler queues mails forever if smtpd rejects the mail
* ZCP-12920: As a user I want to be able to sort the global addresses book by
Chinese character
* ZCP-12921: Chinese character broken once received
* ZCP-12922: remove userquota_soft_template & userquota_hard_template
from documentation
* ZCP-12923: Building from source fails when xmlto / libical / bison is
missing
* ZCP-12926: ECChannel::HrSelect doesn't handle EINTR as it should
* ZCP-12930: zarafa-dagent segfault when deliver special mail
* ZCP-12934: When reporting this traceback, please include Linux distribution
name, system architecture and Zarafa version.
* ZCP-12944: another chinese decode issue
* ZCP-12945: Add new OL2013 version 15.0.4675.1003 client to compatibility
component
* ZCP-12949: Update documentation for unsupported Oracle Packages
* ZCP-12950: zarafa-dagent segfault when deliver special mail
* ZCP-12968: ECChannel::HrSelect doesn't handle EINTR as it should
* ZCP-12994: Disabling imap on a pop3 users breaks certain mail.
* ZCP-12995: Example command given in "Out of office management" is
incomplete
* ZCP-13015: add SSL settings for zcp 7.1
* ZCP-13019: Update documentation for Debian language pack installation
* ZCP-13020: zarafa-admin tool mismatch password gives wrong notification
* ZCP-13024: allowed to create SYSTEM user
* ZCP-13026: Add new OL2013 version 15.0.4693.1000 client to compatibility
component
* ZCP-13030: Add new OL2010 version 14.0.7143.5000 client to compatibility
component
* ZCP-13035: Rather use SSLCERT_FILE & SSLCERT_PASS when setting up SSO
for WebApp/WebAccess
* ZCP-13039: Add comment in monitor.cfg for companyquota_warning_template
* ZCP-13046: Improve z-push documentation in admin manual
* ZCP-13047: man page zarafa-admin --hook-store --copyto-public could use
some extra information
* ZCP-13055: Zarafa outlook client 7.1.11-48011 does not work well with
zarafa auto updater
* ZCP-13060: zarafa server still logs indexer instead of search.
* ZCP-13061: Sync seems to fail for larger objects
* ZCP-13062: Merge the compatibility package installation into the MSI
typical install mode
* ZCP-13082: patch: wrong charset in HTML
* ZCP-13120: Add new OL2013 version 15.0.4701.1000 client to compatibility
component
* ZCP-13123: Simplification of installation targets of compat package for
manifest and c2r installations
* ZCP-13143: Spooler.log gives wrong messages notifications
* ZCP-13153: Outlook: answering on a message in 'send items' results
in a message with empty Reply-To: header.
* ZCP-13154: it would be helpful if phpmapi would produce a logfile
* ZCP-13155: WebAccess /etc/zarafa/webaccess/config.php is not a symlink
* ZCP-13158: Upgrade OpenSSL to 1.0.1m on Win32
* ZCP-13176: zarafa-server binary does not check for existence of sockets and
pids when started manually
* ZCP-13177: patch: wrong charset in HTML
* ZCP-13179: it would be helpful if phpmapi would produce a logfile
* ZCP-13180: Spooler.log gives wrong messages notifications
* ZCP-13187: Message with attachments converted from uuencoded to attachments
with uudecode.py
* ZCP-13190: Setting out of office for the first time sets language to
Catalan
* ZCP-13191: When reporting this traceback, please include Linux distribution
name, system architecture and Zarafa version.
* ZCP-13192: Incorrect message when trying to add an archive
* ZCP-13194: remove mail subject from spooler.log
* ZCP-6294: allowed to create SYSTEM user
* ZCP-6443: zarafa-admin tool mismatch password gives wrong notification
* ZCP-7085: Updating the name of a non-active user will change it to an
active user
* ZCP-7296: Extension on the administrator manual
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Apr 7 2015 Robert Scheck <robert@fedoraproject.org> 7.1.12-1
- Upgrade to 7.1.12
- Added multiple minor enhancement and bugfix patches
- Added patch to fix CVE-2014-0103 for PHP < 5.3 (#1073618)
- Handle "su" option in logrotate >= 3.8.0 to avoid errors
* Sat Oct 25 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> 7.1.11-2
- Rebuild for reference-counting-enabled clucene09
* Wed Oct 15 2014 Robert Scheck <robert@fedoraproject.org> 7.1.11-1
- Upgrade to 7.1.11 (#1139442)
- Removed bundled PHP PEAR files/libraries
- Added patch to allow mitigation of SSLv3/POODLE vulnerability
- Added patch to implement ECDHE support (depending on OpenSSL)
- Added patch to allow plaintext authentication from 127.0.0.1
* Tue Aug 26 2014 David Tardon <dtardon@redhat.com> - 7.1.10-5
- rebuild for ICU 53.1
* Mon Aug 25 2014 Robert Scheck <robert@fedoraproject.org> 7.1.10-4
- Fixed multiple incorrect default permissions (#1133439)
* Mon Aug 18 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 7.1.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Mon Jul 14 2014 Robert Scheck <robert@fedoraproject.org> 7.1.10-3
- Rebuild for gSOAP 2.8.17
* Fri Jul 11 2014 Robert Scheck <robert@fedoraproject.org> 7.1.10-2
- Added a workaround to really support MariaDB (#995870)
- Re-added a patch to allow building without zarafa-search
* Sun Jun 29 2014 Robert Scheck <robert@fedoraproject.org> 7.1.10-1
- Upgrade to 7.1.10
* Fri Jun 20 2014 Remi Collet <rcollet@redhat.com> - 7.1.9-2.1
- rebuild for https://fedoraproject.org/wiki/Changes/Php56
- add numerical prefix to extension configuration file
* Sat Jun 7 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 7.1.9-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 22 2014 Petr Machata <pmachata@redhat.com> - 7.1.9-2
- Rebuild for boost 1.55.0
* Thu May 1 2014 Robert Scheck <robert@fedoraproject.org> 7.1.9-1
- Upgrade to 7.1.9
* Fri Feb 21 2014 Robert Scheck <robert@fedoraproject.org> 7.1.8-3
- Upgrade to 7.1.8 (re-released)
* Fri Feb 14 2014 Parag Nemade <paragn AT fedoraproject DOT org> -
7.1.8-2
- Rebuild for icu 52
* Thu Jan 30 2014 Robert Scheck <robert@fedoraproject.org> 7.1.8-1
- Upgrade to 7.1.8 (#1056767, #1059903)
* Sun Dec 8 2013 Robert Scheck <robert@fedoraproject.org> 7.1.7-1
- Upgrade to 7.1.7 (#1008068)
- Added dependency from gateway and spooler to python-MAPI
- Added requirements to virtual libvmime ABI/API provides
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1139442 - CVE-2014-9465 zarafa: unauthenticated denial of service
flaw
https://bugzilla.redhat.com/show_bug.cgi?id=1139442
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update zarafa' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung