Login
Newsletter
Werbung
Sicherheit: Preisgabe von Informationen in evolution
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in evolution
ID: MDKSA-2007:107
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva 2007.0, Mandriva 2007.1
Datum: So, 20. Mai 2007, 06:49
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
Applikationen: Evolution

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1179636566-8862-6878


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:107
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : evolution
 Date    : May 19, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A weakness in the way Evolution processed certain APOP authentication
 requests was discovered.  A remote attacker could potentially obtain
 certain portions of a user's authentication credentials by sending
 certain responses when evolution-data-server attempted to authenticate
 against an APOP server.
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 3bd403bc916d203da129ff64da6e95d6 
 2007.0/i586/evolution-data-server-1.8.0-1.1mdv2007.0.i586.rpm
 5ec26069ec4cc12d1aca7b89501dde85 
 2007.0/i586/libcamel-provider8-1.8.0-1.1mdv2007.0.i586.rpm
 096564eb455c60218dcec830938ffb71 
 2007.0/i586/libcamel0-1.8.0-1.1mdv2007.0.i586.rpm
 384a7f4a699df4a853780e36d6f4e710 
 2007.0/i586/libebook9-1.8.0-1.1mdv2007.0.i586.rpm
 239ef00f4e064bb5fc0ebe41f24391fa 
 2007.0/i586/libecal7-1.8.0-1.1mdv2007.0.i586.rpm
 6dcd7809f1babbf4975e77431492ecd2 
 2007.0/i586/libedata-book2-1.8.0-1.1mdv2007.0.i586.rpm
 3c54ad6bd97caab5e282d39c2b1b7d59 
 2007.0/i586/libedata-cal6-1.8.0-1.1mdv2007.0.i586.rpm
 69cba1d4fe59229e03e56e0cb16229a6 
 2007.0/i586/libedataserver7-1.8.0-1.1mdv2007.0.i586.rpm
 51b7de96ebc75e60de370000d0913805 
 2007.0/i586/libedataserver7-devel-1.8.0-1.1mdv2007.0.i586.rpm
 49a9591d3f7c6b63a86b3646be9a8410 
 2007.0/i586/libedataserverui8-1.8.0-1.1mdv2007.0.i586.rpm
 92a634a4c2cd4960f4c04cb995e81d4d 
 2007.0/i586/libegroupwise12-1.8.0-1.1mdv2007.0.i586.rpm
 27c04f0994775378fb12e401a667f8d2 
 2007.0/i586/libexchange-storage2-1.8.0-1.1mdv2007.0.i586.rpm 
 761f1980273fa50cc48c42bcf9a88290 
 2007.0/SRPMS/evolution-data-server-1.8.0-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 4f0f3f1c8357916972dca84a50b8b099 
 2007.0/x86_64/evolution-data-server-1.8.0-1.1mdv2007.0.x86_64.rpm
 cd32d9cc2ed3cb12a86ea904a279b6d8 
 2007.0/x86_64/lib64camel-provider8-1.8.0-1.1mdv2007.0.x86_64.rpm
 2f221b08d49ae42121a64726cc6a7520 
 2007.0/x86_64/lib64camel0-1.8.0-1.1mdv2007.0.x86_64.rpm
 c1efe518516f6c766d166bfe83779c86 
 2007.0/x86_64/lib64ebook9-1.8.0-1.1mdv2007.0.x86_64.rpm
 fe9c17e67d7bda374744d091b50de1ac 
 2007.0/x86_64/lib64ecal7-1.8.0-1.1mdv2007.0.x86_64.rpm
 f8d5f3e7224de89f1be467f8c1f14e7c 
 2007.0/x86_64/lib64edata-book2-1.8.0-1.1mdv2007.0.x86_64.rpm
 d1a3c701e83e07487d0c2cfa4f4d5acd 
 2007.0/x86_64/lib64edata-cal6-1.8.0-1.1mdv2007.0.x86_64.rpm
 ae49945766fa722e4f45baec279c3626 
 2007.0/x86_64/lib64edataserver7-1.8.0-1.1mdv2007.0.x86_64.rpm
 920a3664ac6ac8a83c2dc4be5dbbe2d1 
 2007.0/x86_64/lib64edataserver7-devel-1.8.0-1.1mdv2007.0.x86_64.rpm
 65c5d018a2466cc211a1eb46abc780f4 
 2007.0/x86_64/lib64edataserverui8-1.8.0-1.1mdv2007.0.x86_64.rpm
 237054b5f7daa05d02b045036171b199 
 2007.0/x86_64/lib64egroupwise12-1.8.0-1.1mdv2007.0.x86_64.rpm
 e0695d1594a2a96b4db55cd0922ef716 
 2007.0/x86_64/lib64exchange-storage2-1.8.0-1.1mdv2007.0.x86_64.rpm 
 761f1980273fa50cc48c42bcf9a88290 
 2007.0/SRPMS/evolution-data-server-1.8.0-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 6bc136eb7c34f5e72a41fa5ad9e4aec2 
 2007.1/i586/evolution-data-server-1.10.0-4.1mdv2007.1.i586.rpm
 f30cf9bf82448f578b86f665f0baa25e 
 2007.1/i586/libcamel-provider10-1.10.0-4.1mdv2007.1.i586.rpm
 a41582465fa2bc9c4f9466d2cd64bd09 
 2007.1/i586/libcamel10-1.10.0-4.1mdv2007.1.i586.rpm
 f9df96d8c45df2872af8a786b4da76f6 
 2007.1/i586/libebook9-1.10.0-4.1mdv2007.1.i586.rpm
 20352a353fa0211850127bd6bc3a6ae5 
 2007.1/i586/libecal7-1.10.0-4.1mdv2007.1.i586.rpm
 549e8e95d14043b81d49c888cf83dedf 
 2007.1/i586/libedata-book2-1.10.0-4.1mdv2007.1.i586.rpm
 04f800117ef38656ddf5c8acaadeb55a 
 2007.1/i586/libedata-cal6-1.10.0-4.1mdv2007.1.i586.rpm
 1dd74f9962d93eafe49a175303afc6b0 
 2007.1/i586/libedataserver9-1.10.0-4.1mdv2007.1.i586.rpm
 3ea1d0f435e650b270b719571ad16a5a 
 2007.1/i586/libedataserver9-devel-1.10.0-4.1mdv2007.1.i586.rpm
 9234e2757cbc3e2f256aaf485490bf4c 
 2007.1/i586/libedataserverui8-1.10.0-4.1mdv2007.1.i586.rpm
 cccd0ff40fc3aad65cc94b0b28b38927 
 2007.1/i586/libegroupwise13-1.10.0-4.1mdv2007.1.i586.rpm
 d075020a451447f682c6bcdfc34bc245 
 2007.1/i586/libexchange-storage3-1.10.0-4.1mdv2007.1.i586.rpm 
 f8e7380eacd984f96d95515323047a75 
 2007.1/SRPMS/evolution-data-server-1.10.0-4.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 aec9248ee8bb3e933fac186da9f8ec98 
 2007.1/x86_64/evolution-data-server-1.10.0-4.1mdv2007.1.x86_64.rpm
 eb120559b0b0f647677829d7bf1386a6 
 2007.1/x86_64/lib64camel-provider10-1.10.0-4.1mdv2007.1.x86_64.rpm
 7a0b86764035dc514d12d53b90f643cb 
 2007.1/x86_64/lib64camel10-1.10.0-4.1mdv2007.1.x86_64.rpm
 892ce6051f39f4a1a77ab80da2bc8ff3 
 2007.1/x86_64/lib64ebook9-1.10.0-4.1mdv2007.1.x86_64.rpm
 1da80745ee34fc7a264f1f505a2f10db 
 2007.1/x86_64/lib64ecal7-1.10.0-4.1mdv2007.1.x86_64.rpm
 a35bd5e1cb5da0fec948ff0d7faf130e 
 2007.1/x86_64/lib64edata-book2-1.10.0-4.1mdv2007.1.x86_64.rpm
 664a419efd27d678eb9d5a33c35fc4b2 
 2007.1/x86_64/lib64edata-cal6-1.10.0-4.1mdv2007.1.x86_64.rpm
 a5471264ad59a452e68c530e076929fb 
 2007.1/x86_64/lib64edataserver9-1.10.0-4.1mdv2007.1.x86_64.rpm
 25d9cb8a24238aa9d10ee15d6bebb0b6 
 2007.1/x86_64/lib64edataserver9-devel-1.10.0-4.1mdv2007.1.x86_64.rpm
 4ced358f68fb735eec5b25474cea333d 
 2007.1/x86_64/lib64edataserverui8-1.10.0-4.1mdv2007.1.x86_64.rpm
 8ed4c989fe08c4e187cc94cb49c16ed0 
 2007.1/x86_64/lib64egroupwise13-1.10.0-4.1mdv2007.1.x86_64.rpm
 8474d7fddc8ce6d8c5ac697e177a8bb8 
 2007.1/x86_64/lib64exchange-storage3-1.10.0-4.1mdv2007.1.x86_64.rpm 
 f8e7380eacd984f96d95515323047a75 
 2007.1/SRPMS/evolution-data-server-1.10.0-4.1mdv2007.1.src.rpm

 Corporate 3.0:
 1b4a440e9efb3690545a42284f9737c4 
 corporate/3.0/i586/evolution-1.4.6-5.3.C30mdk.i586.rpm
 f57578c18ac41f5f47ce2dc543343392 
 corporate/3.0/i586/evolution-devel-1.4.6-5.3.C30mdk.i586.rpm
 6bff6e2c57979b9aa6bd1fa7b1b833ab 
 corporate/3.0/i586/evolution-pilot-1.4.6-5.3.C30mdk.i586.rpm 
 3a2643efb2d38d632e99e3621bd82525 
 corporate/3.0/SRPMS/evolution-1.4.6-5.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 70350c75fc76d6f0b3d6655c2be13655 
 corporate/3.0/x86_64/evolution-1.4.6-5.3.C30mdk.x86_64.rpm
 c320a65949c65049d55136656c66872b 
 corporate/3.0/x86_64/evolution-devel-1.4.6-5.3.C30mdk.x86_64.rpm
 c383837829b800016cf762c81e0f6a5a 
 corporate/3.0/x86_64/evolution-pilot-1.4.6-5.3.C30mdk.x86_64.rpm 
 3a2643efb2d38d632e99e3621bd82525 
 corporate/3.0/SRPMS/evolution-1.4.6-5.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD4DBQFGT6X6mqjQ0CJFipgRAnLpAJiiCP/atVxCTpPudcqXED7hMUBNAJ4xtF9N
kO4P8LqixLQlzrALG60duA==
=pwGz
-----END PGP SIGNATURE-----


------------=_1179636566-8862-6878
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1179636566-8862-6878--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung