Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in evolution-data-server
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in evolution-data-server
ID: MDVSA-2009:078
Distribution: Mandriva
Plattformen: Mandriva 2008.0, Mandriva 2008.1, Mandriva 2009.0
Datum: Mo, 23. März 2009, 22:30
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0587
Applikationen: Evolution Data Server

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1237843831-27111-0


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:078
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : evolution-data-server
 Date    : March 23, 2009
 Affected: 2008.0, 2008.1, 2009.0
 _______________________________________________________________________

 Problem Description:

 A wrong handling of signed Secure/Multipurpose Internet Mail Extensions
 (S/MIME) e-mail messages enables attackers to spoof its signatures
 by modifying the latter copy (CVE-2009-0547).
 
 Crafted authentication challange packets (NT Lan Manager type 2) sent
 by a malicious remote mail server enables remote attackers either
 to cause denial of service and to read information from the process
 memory of the client (CVE-2009-0582).
 
 Multiple integer overflows in Base64 encoding functions enables
 attackers either to cause denial of service and to execute arbitrary
 code (CVE-2009-0587).
 
 This update provides fixes for those vulnerabilities.

 Update:

 evolution-data-server packages from Mandriva Linux distributions
 2008.1 and 2009.0 are not affected by CVE-2009-0587.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0547
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0582
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0587
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 6bd3e60d16d5aa9a9344b92fd07ce22a 
 2008.0/i586/evolution-data-server-1.12.2-1.2mdv2008.0.i586.rpm
 292256ba96c4ac43e910c1fc9e4d8fbe 
 2008.0/i586/libcamel10-1.12.2-1.2mdv2008.0.i586.rpm
 8f8334411c8485e14582df3e73c4a242 
 2008.0/i586/libcamel-provider10-1.12.2-1.2mdv2008.0.i586.rpm
 554f16120b2c910306091ebc4f027c8e 
 2008.0/i586/libebook9-1.12.2-1.2mdv2008.0.i586.rpm
 d12b3caff29d424332eed92da50b014e 
 2008.0/i586/libecal7-1.12.2-1.2mdv2008.0.i586.rpm
 d2305fd2775aef20aa09822a18b23e20 
 2008.0/i586/libedata-book2-1.12.2-1.2mdv2008.0.i586.rpm
 1ff922bf3b96e349e88b8a5098577fd3 
 2008.0/i586/libedata-cal6-1.12.2-1.2mdv2008.0.i586.rpm
 7ad077472c308ba0a1eab267cf5f41d9 
 2008.0/i586/libedataserver9-1.12.2-1.2mdv2008.0.i586.rpm
 a1e5f6341427c8252ae2f5bb53abb864 
 2008.0/i586/libedataserver-devel-1.12.2-1.2mdv2008.0.i586.rpm
 f98aab2c87187723a91d63851dc7307b 
 2008.0/i586/libedataserverui8-1.12.2-1.2mdv2008.0.i586.rpm
 ad342077949f641b46f3d31336884565 
 2008.0/i586/libegroupwise13-1.12.2-1.2mdv2008.0.i586.rpm
 1ea20abb0c00d4139c042db7562ad33e 
 2008.0/i586/libexchange-storage3-1.12.2-1.2mdv2008.0.i586.rpm 
 8f2762c4677d1dcec526d28634b1cdc8 
 2008.0/SRPMS/evolution-data-server-1.12.2-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 a89eb6ee96b0885eaec6a3d0fcd402c4 
 2008.0/x86_64/evolution-data-server-1.12.2-1.2mdv2008.0.x86_64.rpm
 5513ceadc9a7d771dd4bb631c5b1ac57 
 2008.0/x86_64/lib64camel10-1.12.2-1.2mdv2008.0.x86_64.rpm
 41120c43bb29316bfb0d2dc80beaafcc 
 2008.0/x86_64/lib64camel-provider10-1.12.2-1.2mdv2008.0.x86_64.rpm
 00d51e294ef4eb3edf7b489344bef709 
 2008.0/x86_64/lib64ebook9-1.12.2-1.2mdv2008.0.x86_64.rpm
 b314b6a23b6391e9e16717901ef116c2 
 2008.0/x86_64/lib64ecal7-1.12.2-1.2mdv2008.0.x86_64.rpm
 564990bbcd635511e24526eadd7b6282 
 2008.0/x86_64/lib64edata-book2-1.12.2-1.2mdv2008.0.x86_64.rpm
 74b630513512849237d91c8b5fd4cf3d 
 2008.0/x86_64/lib64edata-cal6-1.12.2-1.2mdv2008.0.x86_64.rpm
 cc2e43cfd37817b53693b33f53380df0 
 2008.0/x86_64/lib64edataserver9-1.12.2-1.2mdv2008.0.x86_64.rpm
 fcaa0d13f171907d85152c88c49baf75 
 2008.0/x86_64/lib64edataserver-devel-1.12.2-1.2mdv2008.0.x86_64.rpm
 e1e8a7e5cae46fb8ecc071f44b1e5357 
 2008.0/x86_64/lib64edataserverui8-1.12.2-1.2mdv2008.0.x86_64.rpm
 f2e8758d708c296f9768ac45b7a6997f 
 2008.0/x86_64/lib64egroupwise13-1.12.2-1.2mdv2008.0.x86_64.rpm
 e86333bb9e1ff53c17d24614c01f8d06 
 2008.0/x86_64/lib64exchange-storage3-1.12.2-1.2mdv2008.0.x86_64.rpm 
 8f2762c4677d1dcec526d28634b1cdc8 
 2008.0/SRPMS/evolution-data-server-1.12.2-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 3be98e3222f18f7ad77f52cae18a3f53 
 2008.1/i586/evolution-data-server-2.22.3-1.2mdv2008.1.i586.rpm
 46835255c35dfdaf1143fd55449d81b7 
 2008.1/i586/libcamel11-2.22.3-1.2mdv2008.1.i586.rpm
 a97c396fb8672423112ee79d6bc006da 
 2008.1/i586/libcamel-provider11-2.22.3-1.2mdv2008.1.i586.rpm
 68bec1fe382f26707e631eb713225a49 
 2008.1/i586/libebook9-2.22.3-1.2mdv2008.1.i586.rpm
 87c10b897330b34b3d07ef1b07cb4a9f 
 2008.1/i586/libecal7-2.22.3-1.2mdv2008.1.i586.rpm
 fd3fba7ea5451dce1d0df1bd3fc60a16 
 2008.1/i586/libedata-book2-2.22.3-1.2mdv2008.1.i586.rpm
 64ca4e53ca5f7f4b2691b843953058ae 
 2008.1/i586/libedata-cal6-2.22.3-1.2mdv2008.1.i586.rpm
 7f76ed81e4c5437de49d197101aa7332 
 2008.1/i586/libedataserver9-2.22.3-1.2mdv2008.1.i586.rpm
 7f95a2a8b876df47c0b7ad62e8753160 
 2008.1/i586/libedataserver-devel-2.22.3-1.2mdv2008.1.i586.rpm
 0b1ed9835be5d7e57dd66b9140dd2268 
 2008.1/i586/libedataserverui8-2.22.3-1.2mdv2008.1.i586.rpm
 bc8a216136da73264f106ebda24ccb5b 
 2008.1/i586/libegroupwise13-2.22.3-1.2mdv2008.1.i586.rpm
 74ee765271a478ed654b75dee813256a 
 2008.1/i586/libexchange-storage3-2.22.3-1.2mdv2008.1.i586.rpm
 633e1f092cf81c404c74bdcec4714703 
 2008.1/i586/libgdata1-2.22.3-1.2mdv2008.1.i586.rpm 
 49ea7ff50dfd16062fc0b67023849a54 
 2008.1/SRPMS/evolution-data-server-2.22.3-1.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 670373514981fcfd42704ff50bd981fa 
 2008.1/x86_64/evolution-data-server-2.22.3-1.2mdv2008.1.x86_64.rpm
 e2560387c8b8934baf25b4b2b2de9e74 
 2008.1/x86_64/lib64camel11-2.22.3-1.2mdv2008.1.x86_64.rpm
 fe118c0ea5cfe68d7097e620f57b1279 
 2008.1/x86_64/lib64camel-provider11-2.22.3-1.2mdv2008.1.x86_64.rpm
 78585bbd328376b22f0c766a569647e7 
 2008.1/x86_64/lib64ebook9-2.22.3-1.2mdv2008.1.x86_64.rpm
 f45dee9d1bd98f426a0cf284a01c9397 
 2008.1/x86_64/lib64ecal7-2.22.3-1.2mdv2008.1.x86_64.rpm
 fcaad5ce1f9a45565b83f25c271601e5 
 2008.1/x86_64/lib64edata-book2-2.22.3-1.2mdv2008.1.x86_64.rpm
 d29452a6255e90a6c021e4262dca8797 
 2008.1/x86_64/lib64edata-cal6-2.22.3-1.2mdv2008.1.x86_64.rpm
 cb16a0e0c5a22c72d34b603122a81d24 
 2008.1/x86_64/lib64edataserver9-2.22.3-1.2mdv2008.1.x86_64.rpm
 7f559ca0d7498fa7d70c4dab1f9cc8ae 
 2008.1/x86_64/lib64edataserver-devel-2.22.3-1.2mdv2008.1.x86_64.rpm
 a48581b50953bb080a40bbcd5e4b422e 
 2008.1/x86_64/lib64edataserverui8-2.22.3-1.2mdv2008.1.x86_64.rpm
 6ec96948b374a44491d6659083ba76bd 
 2008.1/x86_64/lib64egroupwise13-2.22.3-1.2mdv2008.1.x86_64.rpm
 3fa45afb3abbd3c77e254fda0da424eb 
 2008.1/x86_64/lib64exchange-storage3-2.22.3-1.2mdv2008.1.x86_64.rpm
 23f73c9a1405c768a49f62552c680cfa 
 2008.1/x86_64/lib64gdata1-2.22.3-1.2mdv2008.1.x86_64.rpm 
 49ea7ff50dfd16062fc0b67023849a54 
 2008.1/SRPMS/evolution-data-server-2.22.3-1.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 59ef53fa7d268e81f404ddc538c9ac26 
 2009.0/i586/evolution-data-server-2.24.2-2.2mdv2009.0.i586.rpm
 3d84382377d27dad8d406d1d8a7d5eb2 
 2009.0/i586/libcamel14-2.24.2-2.2mdv2009.0.i586.rpm
 c27b63a7c1a85ca33615f70055cadf71 
 2009.0/i586/libebackend0-2.24.2-2.2mdv2009.0.i586.rpm
 455a545fac4d7bec31b844ddebb57e0a 
 2009.0/i586/libebook9-2.24.2-2.2mdv2009.0.i586.rpm
 1c4907ff88489011e8ab31c7394cdbef 
 2009.0/i586/libecal7-2.24.2-2.2mdv2009.0.i586.rpm
 d9984628bc49bfbebabc84ec1953d33c 
 2009.0/i586/libedata-book2-2.24.2-2.2mdv2009.0.i586.rpm
 fe22354397f7bf8d7957b4b13607e539 
 2009.0/i586/libedata-cal6-2.24.2-2.2mdv2009.0.i586.rpm
 3f005b703bde0898ee545e5a0bbfc8e6 
 2009.0/i586/libedataserver11-2.24.2-2.2mdv2009.0.i586.rpm
 7ebda4f39cf70f8a1729079b13b21ac0 
 2009.0/i586/libedataserver-devel-2.24.2-2.2mdv2009.0.i586.rpm
 aa13c35974f81f495e7ae6f4699750c7 
 2009.0/i586/libedataserverui8-2.24.2-2.2mdv2009.0.i586.rpm
 c9f7f0d15f501431ae541592eb142705 
 2009.0/i586/libegroupwise13-2.24.2-2.2mdv2009.0.i586.rpm
 02b8b6603c16920b11cb2aa26b4c8b6a 
 2009.0/i586/libexchange-storage3-2.24.2-2.2mdv2009.0.i586.rpm
 d6724a2358dd27ef05b2a40678be46f7 
 2009.0/i586/libgdata1-2.24.2-2.2mdv2009.0.i586.rpm 
 ffce99dbbd074a3a744f2470ee6bfe5b 
 2009.0/SRPMS/evolution-data-server-2.24.2-2.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 5ea4be495d706643ea838b66854e28f5 
 2009.0/x86_64/evolution-data-server-2.24.2-2.2mdv2009.0.x86_64.rpm
 1398c10b38aabb1100b4dad6dd2b1086 
 2009.0/x86_64/lib64camel14-2.24.2-2.2mdv2009.0.x86_64.rpm
 6ba652147caa5dab986a5b763e346b4d 
 2009.0/x86_64/lib64ebackend0-2.24.2-2.2mdv2009.0.x86_64.rpm
 bb6feb90ceb9b982ba99f374ecbcb2d2 
 2009.0/x86_64/lib64ebook9-2.24.2-2.2mdv2009.0.x86_64.rpm
 0950c2b31de5c9ceb118912b6cd3faf0 
 2009.0/x86_64/lib64ecal7-2.24.2-2.2mdv2009.0.x86_64.rpm
 cd2681c502d794e8a2c408582e24537c 
 2009.0/x86_64/lib64edata-book2-2.24.2-2.2mdv2009.0.x86_64.rpm
 9a4993b5402eb99b9687a648279bd3d0 
 2009.0/x86_64/lib64edata-cal6-2.24.2-2.2mdv2009.0.x86_64.rpm
 3ecbd64eb57e83aeb58992d231c5ac87 
 2009.0/x86_64/lib64edataserver11-2.24.2-2.2mdv2009.0.x86_64.rpm
 d43c94570e8ad660ac2e62ee8760ea5b 
 2009.0/x86_64/lib64edataserver-devel-2.24.2-2.2mdv2009.0.x86_64.rpm
 5d2a86d37af602f2ceaadf2c526d5261 
 2009.0/x86_64/lib64edataserverui8-2.24.2-2.2mdv2009.0.x86_64.rpm
 dd3a5396088eac43c0044cb454baebc2 
 2009.0/x86_64/lib64egroupwise13-2.24.2-2.2mdv2009.0.x86_64.rpm
 77f85ad7cb6a82fdc1bb602649d43775 
 2009.0/x86_64/lib64exchange-storage3-2.24.2-2.2mdv2009.0.x86_64.rpm
 a341e5e2b653488c9853a20e037edcf8 
 2009.0/x86_64/lib64gdata1-2.24.2-2.2mdv2009.0.x86_64.rpm 
 ffce99dbbd074a3a744f2470ee6bfe5b 
 2009.0/SRPMS/evolution-data-server-2.24.2-2.2mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJx5vemqjQ0CJFipgRAqAAAJ9Fw/DVMwRDkW7kTy4T8IQePfHVngCg0LPr
V8zfxQ/wOKJQXeyG95vtR8I=
=ZEsU
-----END PGP SIGNATURE-----


------------=_1237843831-27111-0
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1237843831-27111-0--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung