From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1813-2                     [email protected]
http://www.debian.org/security/                           Steffen Joeris
July 22, 2009                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : evolution-data-server
Vulnerability : Several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-0587 CVE-2009-0547 CVE-2009-0582
Debian Bug : 508479 533386 536694

The previous update introduced a regression that stopped encrypted and
signed S/MIME messages from working properly. There have also been other
regressions caused by the introduction of an undefined symbol.
This update corrects these flaws. For reference, the original advisory
text is below.

Several vulnerabilities have been found in evolution-data-server, the
database backend server for the evolution groupware suite. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-0587

    It was discovered that evolution-data-server is prone to integer
    overflows triggered by large base64 strings.

CVE-2009-0547

    Joachim Breitner discovered that S/MIME signatures are not verified
    properly, which can lead to spoofing attacks.

CVE-2009-0582

    It was discovered that NTLM authentication challenge packets are not
    validated properly when using the NTLM authentication method, which
    could lead to an information disclosure or a denial of service.

For the oldstable distribution (etch), these problems have been fixed in
version 1.6.3-5etch3.

For the stable distribution (lenny), these problems have been fixed in
version 2.22.3-1.1+lenny2.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 2.26.1.1-1.

We recommend that you upgrade your evolution-data-server packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]