From: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1813-1                  [email protected]
http://www.debian.org/security/                           Steffen Joeris
June 08, 2009                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : evolution-data-server
Vulnerability : Several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-0587 CVE-2009-0547 CVE-2009-0582
Debian Bug : 508479
Several vulnerabilities have been found in evolution-data-server, the
database backend server for the evolution groupware suite. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-0587
It was discovered that evolution-data-server is prone to integer
overflows triggered by large base64 strings.
CVE-2009-0547
Joachim Breitner discovered that S/MIME signatures are not verified
properly, which can lead to spoofing attacks.
CVE-2009-0582
It was discovered that NTLM authentication challenge packets are not
validated properly when using the NTLM authentication method, which
could lead to an information disclosure or a denial of service.
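
A generic illustration of the bug class named under CVE-2009-0587 above, an integer overflow in a base64 buffer-size calculation, next to an overflow-checked version. This is an added example, not part of the advisory and not evolution-data-server code; the function names are hypothetical and uint32_t stands in for a 32-bit length type so the wrap-around is the same on every platform.

```c
#include <stdint.h>
#include <stdlib.h>

/* Unchecked size of the encoded string plus NUL. For len = 0xFFFFFFFE,
 * len + 2 wraps to 0 and the result is 1: a 1-byte buffer for ~4 GiB of input. */
uint32_t b64_size_unchecked(uint32_t len)
{
    return ((len + 2) / 3) * 4 + 1;
}

/* Checked size: returns 0 and sets *out, or -1 if the result does not fit. */
int b64_size_checked(uint32_t len, uint32_t *out)
{
    uint32_t groups = len / 3 + (len % 3 != 0);   /* ceil(len / 3) without len + 2 */
    if (groups > (UINT32_MAX - 1) / 4)
        return -1;
    *out = groups * 4 + 1;
    return 0;
}

/* Encode with the checked size; returns a malloc'd NUL-terminated string,
 * or NULL if the size would overflow or allocation fails. */
char *b64_encode(const unsigned char *in, uint32_t len)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t need, i;
    char *out, *p;

    if (b64_size_checked(len, &need) != 0 || (out = malloc(need)) == NULL)
        return NULL;
    p = out;
    for (i = 0; i + 2 < len; i += 3) {            /* full 3-byte groups */
        uint32_t v = (uint32_t)in[i] << 16 | (uint32_t)in[i + 1] << 8 | in[i + 2];
        *p++ = tbl[v >> 18];       *p++ = tbl[(v >> 12) & 63];
        *p++ = tbl[(v >> 6) & 63]; *p++ = tbl[v & 63];
    }
    if (i < len) {                                /* 1 or 2 trailing bytes, padded */
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < len) v |= (uint32_t)in[i + 1] << 8;
        *p++ = tbl[v >> 18];       *p++ = tbl[(v >> 12) & 63];
        *p++ = (i + 1 < len) ? tbl[(v >> 6) & 63] : '=';
        *p++ = '=';
    }
    *p = '\0';
    return out;
}
```
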
For the oldstable distribution (etch), these problems have been fixed in version 1.6.3-5etch2.
For the stable distribution (lenny), these problems have been fixed in
version 2.22.3-1.1+lenny1.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 2.26.1.1-1.
We recommend that you upgrade your evolution-data-server packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]