Ubuntu Security Notice USN-4429-1

Ubuntu Security Notice USN-4429-1: Posted Jul 22, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4429-1 - It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2020-14928; SHA-256 | f6956b1c90a287224c0c82eff6fa6dee8aa4fe8193cff2ffcedd3f924d51822d; Download | Favorite | View

Ubuntu Security Notice USN-4429-1

==========================================================================
Ubuntu Security Notice USN-4429-1
July 22, 2020

evolution-data-server vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Evolution Data Server could be made to expose sensitive information over
the network.

Software Description:
- evolution-data-server: Evolution suite data server

Details:

It was discovered that Evolution Data Server incorrectly handled STARTTLS
when using SMTP and POP3. A remote attacker could possibly use this issue
to perform a response injection attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  evolution-data-server           3.36.3-0ubuntu1.1
  evolution-data-server-common    3.36.3-0ubuntu1.1
  libcamel-1.2-62                 3.36.3-0ubuntu1.1
  libebackend-1.2-10              3.36.3-0ubuntu1.1
  libedataserver-1.2-24           3.36.3-0ubuntu1.1

Ubuntu 18.04 LTS:
  evolution-data-server           3.28.5-0ubuntu0.18.04.3
  evolution-data-server-common    3.28.5-0ubuntu0.18.04.3
  libcamel-1.2-61                 3.28.5-0ubuntu0.18.04.3
  libebackend-1.2-10              3.28.5-0ubuntu0.18.04.3
  libedataserver-1.2-23           3.28.5-0ubuntu0.18.04.3

Ubuntu 16.04 LTS:
  evolution-data-server           3.18.5-1ubuntu1.3
  evolution-data-server-common    3.18.5-1ubuntu1.3
  libcamel-1.2-54                 3.18.5-1ubuntu1.3
  libebackend-1.2-10              3.18.5-1ubuntu1.3
  libedataserver-1.2-21           3.18.5-1ubuntu1.3

After a standard system update you need to restart your session to make
all the necessary changes.

References:
  https://usn.ubuntu.com/4429-1
  CVE-2020-14928

Package Information:
  https://launchpad.net/ubuntu/+source/evolution-data-server/3.36.3-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/evolution-data-server/3.28.5-0ubuntu0.18.04.3
  https://launchpad.net/ubuntu/+source/evolution-data-server/3.18.5-1ubuntu1.3

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 172 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

Ubuntu Security Notice USN-4429-1

Ubuntu Security Notice USN-4429-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-4429-1

Share This

Ubuntu Security Notice USN-4429-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems