[USN-6876-1] Kopano Core vulnerabilities
Chrisa Oikonomou
chrisa.oikonomou at canonical.com
Thu Jul 4 16:40:10 UTC 2024
==========================================================================
Ubuntu Security Notice USN-6876-1
July 04, 2024
kopanocore vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Kopano Core.
Software Description:
- kopanocore: Complete and feature rich groupware solution
Details:
It was discovered that Kopano Core allowed out-of-bounds access. An
attacker could use this issue to expose private information. This issue
only affected Ubuntu 18.04 LTS. (CVE-2019-19907)
It was discovered that Kopano Core allowed possible authentication
with expired passwords. An attacker could use this issue to bypass
authentication. (CVE-2022-26562)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
kopano-archiver 8.7.0-7.1ubuntu10.1
kopano-contacts 8.7.0-7.1ubuntu10.1
kopano-dagent 8.7.0-7.1ubuntu10.1
kopano-gateway 8.7.0-7.1ubuntu10.1
kopano-ical 8.7.0-7.1ubuntu10.1
kopano-libs 8.7.0-7.1ubuntu10.1
kopano-monitor 8.7.0-7.1ubuntu10.1
kopano-server 8.7.0-7.1ubuntu10.1
kopano-spooler 8.7.0-7.1ubuntu10.1
kopano-utils 8.7.0-7.1ubuntu10.1
php-mapi 8.7.0-7.1ubuntu10.1
python3-mapi 8.7.0-7.1ubuntu10.1
Ubuntu 20.04 LTS
kopano-archiver 8.7.0-7ubuntu1.1
kopano-contacts 8.7.0-7ubuntu1.1
kopano-dagent 8.7.0-7ubuntu1.1
kopano-gateway 8.7.0-7ubuntu1.1
kopano-ical 8.7.0-7ubuntu1.1
kopano-libs 8.7.0-7ubuntu1.1
kopano-monitor 8.7.0-7ubuntu1.1
kopano-server 8.7.0-7ubuntu1.1
kopano-spooler 8.7.0-7ubuntu1.1
kopano-utils 8.7.0-7ubuntu1.1
php-mapi 8.7.0-7ubuntu1.1
python3-mapi 8.7.0-7ubuntu1.1
Ubuntu 18.04 LTS
kopano-archiver 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-contacts 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-dagent 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-gateway 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-ical 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-libs 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-monitor 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-server 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-spooler 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-utils 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
php-mapi 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
python-mapi 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6876-1
<https://ubuntu.com/security/notices/USN-6876-1>
CVE-2019-19907, CVE-2022-26562
Package Information:
https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7.1ubuntu10.1
<https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7.1ubuntu10.1>
https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7ubuntu1.1
<https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7ubuntu1.1>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20240704/4952268d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20240704/4952268d/attachment-0001.sig>
More information about the ubuntu-security-announce
mailing list