Ubuntu Security Notice USN-4429-1

Ubuntu Security Notice USN-4429-1: Posted Jul 22, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4429-1 - It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2020-14928; SHA-256 | f6956b1c90a287224c0c82eff6fa6dee8aa4fe8193cff2ffcedd3f924d51822d; Download | Favorite | View

Ubuntu Security Notice USN-4429-1

==========================================================================
Ubuntu Security Notice USN-4429-1
July 22, 2020

evolution-data-server vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Evolution Data Server could be made to expose sensitive information over
the network.

Software Description:
- evolution-data-server: Evolution suite data server

Details:

It was discovered that Evolution Data Server incorrectly handled STARTTLS
when using SMTP and POP3. A remote attacker could possibly use this issue
to perform a response injection attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  evolution-data-server           3.36.3-0ubuntu1.1
  evolution-data-server-common    3.36.3-0ubuntu1.1
  libcamel-1.2-62                 3.36.3-0ubuntu1.1
  libebackend-1.2-10              3.36.3-0ubuntu1.1
  libedataserver-1.2-24           3.36.3-0ubuntu1.1

Ubuntu 18.04 LTS:
  evolution-data-server           3.28.5-0ubuntu0.18.04.3
  evolution-data-server-common    3.28.5-0ubuntu0.18.04.3
  libcamel-1.2-61                 3.28.5-0ubuntu0.18.04.3
  libebackend-1.2-10              3.28.5-0ubuntu0.18.04.3
  libedataserver-1.2-23           3.28.5-0ubuntu0.18.04.3

Ubuntu 16.04 LTS:
  evolution-data-server           3.18.5-1ubuntu1.3
  evolution-data-server-common    3.18.5-1ubuntu1.3
  libcamel-1.2-54                 3.18.5-1ubuntu1.3
  libebackend-1.2-10              3.18.5-1ubuntu1.3
  libedataserver-1.2-21           3.18.5-1ubuntu1.3

After a standard system update you need to restart your session to make
all the necessary changes.

References:
  https://usn.ubuntu.com/4429-1
  CVE-2020-14928

Package Information:
  https://launchpad.net/ubuntu/+source/evolution-data-server/3.36.3-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/evolution-data-server/3.28.5-0ubuntu0.18.04.3
  https://launchpad.net/ubuntu/+source/evolution-data-server/3.18.5-1ubuntu1.3

Top Authors In Last 30 Days

Red Hat 247 files
Ubuntu 96 files
indoushka 49 files
Jasper Nota 25 files
Gentoo 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Debian 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,085)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,603)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,440)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,724)
UNIX (9,433)
UnixWare (187)
Windows (6,668)
Other

Ubuntu Security Notice USN-4429-1

Ubuntu Security Notice USN-4429-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-4429-1

Share This

Ubuntu Security Notice USN-4429-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems