Thursday, May 30, 2019

USN-3998-1: Evolution Data Server vulnerability

evolution-data-server vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Evolution Data Server would sometimes display email content as encrypted when it was not.

Software Description

  • evolution-data-server - Evolution suite data server

Details

Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
evolution-data-server - 3.28.5-0ubuntu0.18.04.2
evolution-data-server-common - 3.28.5-0ubuntu0.18.04.2
libcamel-1.2-61 - 3.28.5-0ubuntu0.18.04.2
libebackend-1.2-10 - 3.28.5-0ubuntu0.18.04.2
libedataserver-1.2-23 - 3.28.5-0ubuntu0.18.04.2
Ubuntu 16.04 LTS
evolution-data-server - 3.18.5-1ubuntu1.2
evolution-data-server-common - 3.18.5-1ubuntu1.2
libcamel-1.2-54 - 3.18.5-1ubuntu1.2
libebackend-1.2-10 - 3.18.5-1ubuntu1.2
libedataserver-1.2-21 - 3.18.5-1ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Evolution to make all the necessary changes.

References



from Ubuntu Security Notices http://bit.ly/2Wc82fi

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.