[USN-3724-1] Evolution Data Server vulnerability

Mike Salvatore mike.salvatore at canonical.com
Thu Jul 26 14:01:36 UTC 2018


==========================================================================
Ubuntu Security Notice USN-3724-1
July 26, 2018

evolution-data-server vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Evolution Data Server could be made to expose sensitive information over the
network.

Software Description:
- evolution-data-server: Evolution suite data server

Details:

Jon Kristensen discovered that Evolution Data Server would automatically
downgrade a connection to an IMAP server if the IMAP server did not support
SSL. This would result in the user's password being unexpectedly sent in clear
text, even though the user had requested to use SSL.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  evolution-data-server           3.18.5-1ubuntu1.1
  evolution-data-server-common    3.18.5-1ubuntu1.1
  libcamel-1.2-54                 3.18.5-1ubuntu1.1
  libebackend-1.2-10              3.18.5-1ubuntu1.1
  libedataserver-1.2-21           3.18.5-1ubuntu1.1

Ubuntu 14.04 LTS:
  evolution-data-server           3.10.4-0ubuntu1.6
  evolution-data-server-common    3.10.4-0ubuntu1.6
  libcamel-1.2-45                 3.10.4-0ubuntu1.6
  libebackend-1.2-7               3.10.4-0ubuntu1.6
  libedataserver-1.2-18           3.10.4-0ubuntu1.6

After a standard system update you need to restart Evolution to make
all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3724-1
  CVE-2016-10727

Package Information:
  https://launchpad.net/ubuntu/+source/evolution-data-server/3.18.5-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/evolution-data-server/3.10.4-0ubuntu1.6


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20180726/af9e9f08/attachment.sig>


More information about the ubuntu-security-announce mailing list