-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- --------------------------------------------------------------------- Red Hat Security Advisory
Synopsis: Moderate: evolution security update Advisory ID: RHSA-2007:0353-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0353.html Issue date: 2007-05-17 Updated on: 2007-05-17 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-1558 - ---------------------------------------------------------------------
1. Summary:
Updated evolution packages that fix a security bug are now available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Evolution is the GNOME collection of personal information management (PIM) tools.
A flaw was found in the way Evolution processed certain APOP authentication requests. A remote attacker could potentially acquire certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server. (CVE-2007-1558)
All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
238565 - CVE-2007-1558 Evolution APOP information disclosure
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS: evolution-1.4.5-20.el3.src.rpm c405dc2c24a9e0bf5431126309328bf3 evolution-1.4.5-20.el3.src.rpm
i386: 65f97ba5cbbb4805a18ef60524625f99 evolution-1.4.5-20.el3.i386.rpm b035cf74b18e9f1a75caa15913a3d195 evolution-debuginfo-1.4.5-20.el3.i386.rpm 934b6df84d7786ddcf294a0b625f8a3c evolution-devel-1.4.5-20.el3.i386.rpm
ia64: ed2bc1dfbec3cdce3c9776df9e5facdd evolution-1.4.5-20.el3.ia64.rpm e37fca949fbbbdf3d518c050cb36ce15 evolution-debuginfo-1.4.5-20.el3.ia64.rpm 781a27c5afa057b27e8d0d241559750d evolution-devel-1.4.5-20.el3.ia64.rpm
ppc: 3ee9a25add5a42bf89e93a63ac3d91ef evolution-1.4.5-20.el3.ppc.rpm 7587d60586a60cb60afe27a07c436ad9 evolution-debuginfo-1.4.5-20.el3.ppc.rpm a17552a71ca70e285a129fc6c9e42d91 evolution-devel-1.4.5-20.el3.ppc.rpm
s390: a95aab39409afe560a9d01d867d2a658 evolution-1.4.5-20.el3.s390.rpm bf061e59d63b1a725dafd0e3626a006a evolution-debuginfo-1.4.5-20.el3.s390.rpm 8cc741d3a5dfd223c085cd95dc16c8b6 evolution-devel-1.4.5-20.el3.s390.rpm
s390x: 85cc84a449a757874ce6f2c8a4b638cb evolution-1.4.5-20.el3.s390x.rpm 91a0deb5ca3fbbd7c8738a9f4d1fc3cf evolution-debuginfo-1.4.5-20.el3.s390x.rpm a5d24149a144f570540506ed060f3d02 evolution-devel-1.4.5-20.el3.s390x.rpm
x86_64: da6fac84abbbf5c53a05a282be38fd13 evolution-1.4.5-20.el3.x86_64.rpm 58597e62de16b99ba95504bf12c31005 evolution-debuginfo-1.4.5-20.el3.x86_64.rpm c94bf9dd40ee27d9908c101a8f40e2b7 evolution-devel-1.4.5-20.el3.x86_64.rpm
Red Hat Desktop version 3:
SRPMS: evolution-1.4.5-20.el3.src.rpm c405dc2c24a9e0bf5431126309328bf3 evolution-1.4.5-20.el3.src.rpm
i386: 65f97ba5cbbb4805a18ef60524625f99 evolution-1.4.5-20.el3.i386.rpm b035cf74b18e9f1a75caa15913a3d195 evolution-debuginfo-1.4.5-20.el3.i386.rpm 934b6df84d7786ddcf294a0b625f8a3c evolution-devel-1.4.5-20.el3.i386.rpm
x86_64: da6fac84abbbf5c53a05a282be38fd13 evolution-1.4.5-20.el3.x86_64.rpm 58597e62de16b99ba95504bf12c31005 evolution-debuginfo-1.4.5-20.el3.x86_64.rpm c94bf9dd40ee27d9908c101a8f40e2b7 evolution-devel-1.4.5-20.el3.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: evolution-1.4.5-20.el3.src.rpm c405dc2c24a9e0bf5431126309328bf3 evolution-1.4.5-20.el3.src.rpm
i386: 65f97ba5cbbb4805a18ef60524625f99 evolution-1.4.5-20.el3.i386.rpm b035cf74b18e9f1a75caa15913a3d195 evolution-debuginfo-1.4.5-20.el3.i386.rpm 934b6df84d7786ddcf294a0b625f8a3c evolution-devel-1.4.5-20.el3.i386.rpm
ia64: ed2bc1dfbec3cdce3c9776df9e5facdd evolution-1.4.5-20.el3.ia64.rpm e37fca949fbbbdf3d518c050cb36ce15 evolution-debuginfo-1.4.5-20.el3.ia64.rpm 781a27c5afa057b27e8d0d241559750d evolution-devel-1.4.5-20.el3.ia64.rpm
x86_64: da6fac84abbbf5c53a05a282be38fd13 evolution-1.4.5-20.el3.x86_64.rpm 58597e62de16b99ba95504bf12c31005 evolution-debuginfo-1.4.5-20.el3.x86_64.rpm c94bf9dd40ee27d9908c101a8f40e2b7 evolution-devel-1.4.5-20.el3.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: evolution-1.4.5-20.el3.src.rpm c405dc2c24a9e0bf5431126309328bf3 evolution-1.4.5-20.el3.src.rpm
i386: 65f97ba5cbbb4805a18ef60524625f99 evolution-1.4.5-20.el3.i386.rpm b035cf74b18e9f1a75caa15913a3d195 evolution-debuginfo-1.4.5-20.el3.i386.rpm 934b6df84d7786ddcf294a0b625f8a3c evolution-devel-1.4.5-20.el3.i386.rpm
ia64: ed2bc1dfbec3cdce3c9776df9e5facdd evolution-1.4.5-20.el3.ia64.rpm e37fca949fbbbdf3d518c050cb36ce15 evolution-debuginfo-1.4.5-20.el3.ia64.rpm 781a27c5afa057b27e8d0d241559750d evolution-devel-1.4.5-20.el3.ia64.rpm
x86_64: da6fac84abbbf5c53a05a282be38fd13 evolution-1.4.5-20.el3.x86_64.rpm 58597e62de16b99ba95504bf12c31005 evolution-debuginfo-1.4.5-20.el3.x86_64.rpm c94bf9dd40ee27d9908c101a8f40e2b7 evolution-devel-1.4.5-20.el3.x86_64.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS: evolution-2.0.2-35.0.2.el4.src.rpm 886e06ef0416e5e8fb62685bd5806a42 evolution-2.0.2-35.0.2.el4.src.rpm
i386: 21d0744d5f41d3db79cede4e81902f7b evolution-2.0.2-35.0.2.el4.i386.rpm 8750a5a86fa6996a90775786cf3a5809 evolution-debuginfo-2.0.2-35.0.2.el4.i386.rpm 839cdc24730b44a3b20b1a3c0c8f8acb evolution-devel-2.0.2-35.0.2.el4.i386.rpm
ia64: 7c312e82153ef608c32a644ad65b3e70 evolution-2.0.2-35.0.2.el4.ia64.rpm 5c3cdd4d3f40e5e65b28bd3f403b356f evolution-debuginfo-2.0.2-35.0.2.el4.ia64.rpm f949e742c14f93535810aa8bb6b695c0 evolution-devel-2.0.2-35.0.2.el4.ia64.rpm
ppc: 41279cc52d1f8bf006137019bdeec115 evolution-2.0.2-35.0.2.el4.ppc.rpm bf3972bed4b6ebb695012d1e80942df3 evolution-debuginfo-2.0.2-35.0.2.el4.ppc.rpm 0fa38e81f331db0f6d22f62167714413 evolution-devel-2.0.2-35.0.2.el4.ppc.rpm
s390: 93fad9c3c62573cf366bcda9805b9c8d evolution-2.0.2-35.0.2.el4.s390.rpm 1533b1f9e19170581d4aa41646c02178 evolution-debuginfo-2.0.2-35.0.2.el4.s390.rpm 7905d268cfbbca40893cb1480c130b81 evolution-devel-2.0.2-35.0.2.el4.s390.rpm
s390x: 4df2d5c1eeeadbd21a2ffdd69f66f91c evolution-2.0.2-35.0.2.el4.s390x.rpm 90e17288a99cb57b52261f5b3c80f950 evolution-debuginfo-2.0.2-35.0.2.el4.s390x.rpm abb56c486d2112fce800d612263586e0 evolution-devel-2.0.2-35.0.2.el4.s390x.rpm
x86_64: 7c99cb70e572c955ccadc425fe9aaeaa evolution-2.0.2-35.0.2.el4.x86_64.rpm 489e052420bf3fc3538404fb9f1a9b1f evolution-debuginfo-2.0.2-35.0.2.el4.x86_64.rpm 4ee7bf955381cef106d0ff4ecc6ae482 evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: evolution-2.0.2-35.0.2.el4.src.rpm 886e06ef0416e5e8fb62685bd5806a42 evolution-2.0.2-35.0.2.el4.src.rpm
i386: 21d0744d5f41d3db79cede4e81902f7b evolution-2.0.2-35.0.2.el4.i386.rpm 8750a5a86fa6996a90775786cf3a5809 evolution-debuginfo-2.0.2-35.0.2.el4.i386.rpm 839cdc24730b44a3b20b1a3c0c8f8acb evolution-devel-2.0.2-35.0.2.el4.i386.rpm
x86_64: 7c99cb70e572c955ccadc425fe9aaeaa evolution-2.0.2-35.0.2.el4.x86_64.rpm 489e052420bf3fc3538404fb9f1a9b1f evolution-debuginfo-2.0.2-35.0.2.el4.x86_64.rpm 4ee7bf955381cef106d0ff4ecc6ae482 evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: evolution-2.0.2-35.0.2.el4.src.rpm 886e06ef0416e5e8fb62685bd5806a42 evolution-2.0.2-35.0.2.el4.src.rpm
i386: 21d0744d5f41d3db79cede4e81902f7b evolution-2.0.2-35.0.2.el4.i386.rpm 8750a5a86fa6996a90775786cf3a5809 evolution-debuginfo-2.0.2-35.0.2.el4.i386.rpm 839cdc24730b44a3b20b1a3c0c8f8acb evolution-devel-2.0.2-35.0.2.el4.i386.rpm
ia64: 7c312e82153ef608c32a644ad65b3e70 evolution-2.0.2-35.0.2.el4.ia64.rpm 5c3cdd4d3f40e5e65b28bd3f403b356f evolution-debuginfo-2.0.2-35.0.2.el4.ia64.rpm f949e742c14f93535810aa8bb6b695c0 evolution-devel-2.0.2-35.0.2.el4.ia64.rpm
x86_64: 7c99cb70e572c955ccadc425fe9aaeaa evolution-2.0.2-35.0.2.el4.x86_64.rpm 489e052420bf3fc3538404fb9f1a9b1f evolution-debuginfo-2.0.2-35.0.2.el4.x86_64.rpm 4ee7bf955381cef106d0ff4ecc6ae482 evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: evolution-2.0.2-35.0.2.el4.src.rpm 886e06ef0416e5e8fb62685bd5806a42 evolution-2.0.2-35.0.2.el4.src.rpm
i386: 21d0744d5f41d3db79cede4e81902f7b evolution-2.0.2-35.0.2.el4.i386.rpm 8750a5a86fa6996a90775786cf3a5809 evolution-debuginfo-2.0.2-35.0.2.el4.i386.rpm 839cdc24730b44a3b20b1a3c0c8f8acb evolution-devel-2.0.2-35.0.2.el4.i386.rpm
ia64: 7c312e82153ef608c32a644ad65b3e70 evolution-2.0.2-35.0.2.el4.ia64.rpm 5c3cdd4d3f40e5e65b28bd3f403b356f evolution-debuginfo-2.0.2-35.0.2.el4.ia64.rpm f949e742c14f93535810aa8bb6b695c0 evolution-devel-2.0.2-35.0.2.el4.ia64.rpm
x86_64: 7c99cb70e572c955ccadc425fe9aaeaa evolution-2.0.2-35.0.2.el4.x86_64.rpm 489e052420bf3fc3538404fb9f1a9b1f evolution-debuginfo-2.0.2-35.0.2.el4.x86_64.rpm 4ee7bf955381cef106d0ff4ecc6ae482 evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558 http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFGTGrKXlSAg2UNWIIRAqUxAKCOs8EDnpP84DSmjcoBuCHRLStx4QCggP04 ac+P0AERa1bBLmmr54glUvs= =bqxI -----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|