evolution-data-server vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary
Evolution Data Server could be made to expose sensitive information over the network.
Software Description
- evolution-data-server - Evolution suite data server
Details
Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user’s password being unexpectedly sent in clear text, even though the user had requested to use SSL.
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 16.04 LTS
- evolution-data-server - 3.18.5-1ubuntu1.1
- evolution-data-server-common - 3.18.5-1ubuntu1.1
- libcamel-1.2-54 - 3.18.5-1ubuntu1.1
- libebackend-1.2-10 - 3.18.5-1ubuntu1.1
- libedataserver-1.2-21 - 3.18.5-1ubuntu1.1
- Ubuntu 14.04 LTS
- evolution-data-server - 3.10.4-0ubuntu1.6
- evolution-data-server-common - 3.10.4-0ubuntu1.6
- libcamel-1.2-45 - 3.10.4-0ubuntu1.6
- libebackend-1.2-7 - 3.10.4-0ubuntu1.6
- libedataserver-1.2-18 - 3.10.4-0ubuntu1.6
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Evolution to make all the necessary changes.
References
from Ubuntu Security Notices https://ift.tt/2AdVrxA
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.