-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:078 http://www.mandriva.com/security/ _______________________________________________________________________ Package : evolution-data-server Date : March 23, 2009 Affected: 2008.0, 2008.1, 2009.0 _______________________________________________________________________ Problem Description: A wrong handling of signed Secure/Multipurpose Internet Mail Extensions (S/MIME) e-mail messages enables attackers to spoof its signatures by modifying the latter copy (CVE-2009-0547). Crafted authentication challange packets (NT Lan Manager type 2) sent by a malicious remote mail server enables remote attackers either to cause denial of service and to read information from the process memory of the client (CVE-2009-0582). Multiple integer overflows in Base64 encoding functions enables attackers either to cause denial of service and to execute arbitrary code (CVE-2009-0587). This update provides fixes for those vulnerabilities. Update: evolution-data-server packages from Mandriva Linux distributions 2008.1 and 2009.0 are not affected by CVE-2009-0587. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0582 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0587 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 6bd3e60d16d5aa9a9344b92fd07ce22a 2008.0/i586/evolution-data-server-1.12.2-1.2mdv2008.0.i586.rpm 292256ba96c4ac43e910c1fc9e4d8fbe 2008.0/i586/libcamel10-1.12.2-1.2mdv2008.0.i586.rpm 8f8334411c8485e14582df3e73c4a242 2008.0/i586/libcamel-provider10-1.12.2-1.2mdv2008.0.i586.rpm 554f16120b2c910306091ebc4f027c8e 2008.0/i586/libebook9-1.12.2-1.2mdv2008.0.i586.rpm d12b3caff29d424332eed92da50b014e 2008.0/i586/libecal7-1.12.2-1.2mdv2008.0.i586.rpm d2305fd2775aef20aa09822a18b23e20 2008.0/i586/libedata-book2-1.12.2-1.2mdv2008.0.i586.rpm 1ff922bf3b96e349e88b8a5098577fd3 2008.0/i586/libedata-cal6-1.12.2-1.2mdv2008.0.i586.rpm 7ad077472c308ba0a1eab267cf5f41d9 2008.0/i586/libedataserver9-1.12.2-1.2mdv2008.0.i586.rpm a1e5f6341427c8252ae2f5bb53abb864 2008.0/i586/libedataserver-devel-1.12.2-1.2mdv2008.0.i586.rpm f98aab2c87187723a91d63851dc7307b 2008.0/i586/libedataserverui8-1.12.2-1.2mdv2008.0.i586.rpm ad342077949f641b46f3d31336884565 2008.0/i586/libegroupwise13-1.12.2-1.2mdv2008.0.i586.rpm 1ea20abb0c00d4139c042db7562ad33e 2008.0/i586/libexchange-storage3-1.12.2-1.2mdv2008.0.i586.rpm 8f2762c4677d1dcec526d28634b1cdc8 2008.0/SRPMS/evolution-data-server-1.12.2-1.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: a89eb6ee96b0885eaec6a3d0fcd402c4 2008.0/x86_64/evolution-data-server-1.12.2-1.2mdv2008.0.x86_64.rpm 5513ceadc9a7d771dd4bb631c5b1ac57 2008.0/x86_64/lib64camel10-1.12.2-1.2mdv2008.0.x86_64.rpm 41120c43bb29316bfb0d2dc80beaafcc 2008.0/x86_64/lib64camel-provider10-1.12.2-1.2mdv2008.0.x86_64.rpm 00d51e294ef4eb3edf7b489344bef709 2008.0/x86_64/lib64ebook9-1.12.2-1.2mdv2008.0.x86_64.rpm b314b6a23b6391e9e16717901ef116c2 2008.0/x86_64/lib64ecal7-1.12.2-1.2mdv2008.0.x86_64.rpm 564990bbcd635511e24526eadd7b6282 2008.0/x86_64/lib64edata-book2-1.12.2-1.2mdv2008.0.x86_64.rpm 74b630513512849237d91c8b5fd4cf3d 2008.0/x86_64/lib64edata-cal6-1.12.2-1.2mdv2008.0.x86_64.rpm cc2e43cfd37817b53693b33f53380df0 2008.0/x86_64/lib64edataserver9-1.12.2-1.2mdv2008.0.x86_64.rpm fcaa0d13f171907d85152c88c49baf75 2008.0/x86_64/lib64edataserver-devel-1.12.2-1.2mdv2008.0.x86_64.rpm e1e8a7e5cae46fb8ecc071f44b1e5357 2008.0/x86_64/lib64edataserverui8-1.12.2-1.2mdv2008.0.x86_64.rpm f2e8758d708c296f9768ac45b7a6997f 2008.0/x86_64/lib64egroupwise13-1.12.2-1.2mdv2008.0.x86_64.rpm e86333bb9e1ff53c17d24614c01f8d06 2008.0/x86_64/lib64exchange-storage3-1.12.2-1.2mdv2008.0.x86_64.rpm 8f2762c4677d1dcec526d28634b1cdc8 2008.0/SRPMS/evolution-data-server-1.12.2-1.2mdv2008.0.src.rpm Mandriva Linux 2008.1: 3be98e3222f18f7ad77f52cae18a3f53 2008.1/i586/evolution-data-server-2.22.3-1.2mdv2008.1.i586.rpm 46835255c35dfdaf1143fd55449d81b7 2008.1/i586/libcamel11-2.22.3-1.2mdv2008.1.i586.rpm a97c396fb8672423112ee79d6bc006da 2008.1/i586/libcamel-provider11-2.22.3-1.2mdv2008.1.i586.rpm 68bec1fe382f26707e631eb713225a49 2008.1/i586/libebook9-2.22.3-1.2mdv2008.1.i586.rpm 87c10b897330b34b3d07ef1b07cb4a9f 2008.1/i586/libecal7-2.22.3-1.2mdv2008.1.i586.rpm fd3fba7ea5451dce1d0df1bd3fc60a16 2008.1/i586/libedata-book2-2.22.3-1.2mdv2008.1.i586.rpm 64ca4e53ca5f7f4b2691b843953058ae 2008.1/i586/libedata-cal6-2.22.3-1.2mdv2008.1.i586.rpm 7f76ed81e4c5437de49d197101aa7332 2008.1/i586/libedataserver9-2.22.3-1.2mdv2008.1.i586.rpm 7f95a2a8b876df47c0b7ad62e8753160 2008.1/i586/libedataserver-devel-2.22.3-1.2mdv2008.1.i586.rpm 0b1ed9835be5d7e57dd66b9140dd2268 2008.1/i586/libedataserverui8-2.22.3-1.2mdv2008.1.i586.rpm bc8a216136da73264f106ebda24ccb5b 2008.1/i586/libegroupwise13-2.22.3-1.2mdv2008.1.i586.rpm 74ee765271a478ed654b75dee813256a 2008.1/i586/libexchange-storage3-2.22.3-1.2mdv2008.1.i586.rpm 633e1f092cf81c404c74bdcec4714703 2008.1/i586/libgdata1-2.22.3-1.2mdv2008.1.i586.rpm 49ea7ff50dfd16062fc0b67023849a54 2008.1/SRPMS/evolution-data-server-2.22.3-1.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 670373514981fcfd42704ff50bd981fa 2008.1/x86_64/evolution-data-server-2.22.3-1.2mdv2008.1.x86_64.rpm e2560387c8b8934baf25b4b2b2de9e74 2008.1/x86_64/lib64camel11-2.22.3-1.2mdv2008.1.x86_64.rpm fe118c0ea5cfe68d7097e620f57b1279 2008.1/x86_64/lib64camel-provider11-2.22.3-1.2mdv2008.1.x86_64.rpm 78585bbd328376b22f0c766a569647e7 2008.1/x86_64/lib64ebook9-2.22.3-1.2mdv2008.1.x86_64.rpm f45dee9d1bd98f426a0cf284a01c9397 2008.1/x86_64/lib64ecal7-2.22.3-1.2mdv2008.1.x86_64.rpm fcaad5ce1f9a45565b83f25c271601e5 2008.1/x86_64/lib64edata-book2-2.22.3-1.2mdv2008.1.x86_64.rpm d29452a6255e90a6c021e4262dca8797 2008.1/x86_64/lib64edata-cal6-2.22.3-1.2mdv2008.1.x86_64.rpm cb16a0e0c5a22c72d34b603122a81d24 2008.1/x86_64/lib64edataserver9-2.22.3-1.2mdv2008.1.x86_64.rpm 7f559ca0d7498fa7d70c4dab1f9cc8ae 2008.1/x86_64/lib64edataserver-devel-2.22.3-1.2mdv2008.1.x86_64.rpm a48581b50953bb080a40bbcd5e4b422e 2008.1/x86_64/lib64edataserverui8-2.22.3-1.2mdv2008.1.x86_64.rpm 6ec96948b374a44491d6659083ba76bd 2008.1/x86_64/lib64egroupwise13-2.22.3-1.2mdv2008.1.x86_64.rpm 3fa45afb3abbd3c77e254fda0da424eb 2008.1/x86_64/lib64exchange-storage3-2.22.3-1.2mdv2008.1.x86_64.rpm 23f73c9a1405c768a49f62552c680cfa 2008.1/x86_64/lib64gdata1-2.22.3-1.2mdv2008.1.x86_64.rpm 49ea7ff50dfd16062fc0b67023849a54 2008.1/SRPMS/evolution-data-server-2.22.3-1.2mdv2008.1.src.rpm Mandriva Linux 2009.0: 59ef53fa7d268e81f404ddc538c9ac26 2009.0/i586/evolution-data-server-2.24.2-2.2mdv2009.0.i586.rpm 3d84382377d27dad8d406d1d8a7d5eb2 2009.0/i586/libcamel14-2.24.2-2.2mdv2009.0.i586.rpm c27b63a7c1a85ca33615f70055cadf71 2009.0/i586/libebackend0-2.24.2-2.2mdv2009.0.i586.rpm 455a545fac4d7bec31b844ddebb57e0a 2009.0/i586/libebook9-2.24.2-2.2mdv2009.0.i586.rpm 1c4907ff88489011e8ab31c7394cdbef 2009.0/i586/libecal7-2.24.2-2.2mdv2009.0.i586.rpm d9984628bc49bfbebabc84ec1953d33c 2009.0/i586/libedata-book2-2.24.2-2.2mdv2009.0.i586.rpm fe22354397f7bf8d7957b4b13607e539 2009.0/i586/libedata-cal6-2.24.2-2.2mdv2009.0.i586.rpm 3f005b703bde0898ee545e5a0bbfc8e6 2009.0/i586/libedataserver11-2.24.2-2.2mdv2009.0.i586.rpm 7ebda4f39cf70f8a1729079b13b21ac0 2009.0/i586/libedataserver-devel-2.24.2-2.2mdv2009.0.i586.rpm aa13c35974f81f495e7ae6f4699750c7 2009.0/i586/libedataserverui8-2.24.2-2.2mdv2009.0.i586.rpm c9f7f0d15f501431ae541592eb142705 2009.0/i586/libegroupwise13-2.24.2-2.2mdv2009.0.i586.rpm 02b8b6603c16920b11cb2aa26b4c8b6a 2009.0/i586/libexchange-storage3-2.24.2-2.2mdv2009.0.i586.rpm d6724a2358dd27ef05b2a40678be46f7 2009.0/i586/libgdata1-2.24.2-2.2mdv2009.0.i586.rpm ffce99dbbd074a3a744f2470ee6bfe5b 2009.0/SRPMS/evolution-data-server-2.24.2-2.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 5ea4be495d706643ea838b66854e28f5 2009.0/x86_64/evolution-data-server-2.24.2-2.2mdv2009.0.x86_64.rpm 1398c10b38aabb1100b4dad6dd2b1086 2009.0/x86_64/lib64camel14-2.24.2-2.2mdv2009.0.x86_64.rpm 6ba652147caa5dab986a5b763e346b4d 2009.0/x86_64/lib64ebackend0-2.24.2-2.2mdv2009.0.x86_64.rpm bb6feb90ceb9b982ba99f374ecbcb2d2 2009.0/x86_64/lib64ebook9-2.24.2-2.2mdv2009.0.x86_64.rpm 0950c2b31de5c9ceb118912b6cd3faf0 2009.0/x86_64/lib64ecal7-2.24.2-2.2mdv2009.0.x86_64.rpm cd2681c502d794e8a2c408582e24537c 2009.0/x86_64/lib64edata-book2-2.24.2-2.2mdv2009.0.x86_64.rpm 9a4993b5402eb99b9687a648279bd3d0 2009.0/x86_64/lib64edata-cal6-2.24.2-2.2mdv2009.0.x86_64.rpm 3ecbd64eb57e83aeb58992d231c5ac87 2009.0/x86_64/lib64edataserver11-2.24.2-2.2mdv2009.0.x86_64.rpm d43c94570e8ad660ac2e62ee8760ea5b 2009.0/x86_64/lib64edataserver-devel-2.24.2-2.2mdv2009.0.x86_64.rpm 5d2a86d37af602f2ceaadf2c526d5261 2009.0/x86_64/lib64edataserverui8-2.24.2-2.2mdv2009.0.x86_64.rpm dd3a5396088eac43c0044cb454baebc2 2009.0/x86_64/lib64egroupwise13-2.24.2-2.2mdv2009.0.x86_64.rpm 77f85ad7cb6a82fdc1bb602649d43775 2009.0/x86_64/lib64exchange-storage3-2.24.2-2.2mdv2009.0.x86_64.rpm a341e5e2b653488c9853a20e037edcf8 2009.0/x86_64/lib64gdata1-2.24.2-2.2mdv2009.0.x86_64.rpm ffce99dbbd074a3a744f2470ee6bfe5b 2009.0/SRPMS/evolution-data-server-2.24.2-2.2mdv2009.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJx5vemqjQ0CJFipgRAqAAAJ9Fw/DVMwRDkW7kTy4T8IQePfHVngCg0LPr V8zfxQ/wOKJQXeyG95vtR8I= =ZEsU -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/