Debian: DSA-1813-1 Critical: Integer Overflow In Evolution-Data-Server
debian
June 8, 2009
Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite
Summary
CVE-2009-0587
It was discovered that evolution-data-server is prone to integer
overflows triggered by large base64 strings.
CVE-2009-0547
Joachim Breitner discovered that S/MIME signatures are not verified
properly, which can lead to spoofing attacks.
CVE-2009-0582
It was discovered that NTLM authentication challenge packets are not
validated properly when using the NTLM authentication method, which
could lead to an information disclosure or a denial of service.
For the oldstable distribution (etch), these problems have been fixed in
version 1.6.3-5etch2.
For the stable distribution (lenny), these problems have been fixed in
version 2.22.3-1.1+lenny1.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 2.26.1.1-1.
We recommend that you upgrade your evolution-data-server packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are usin...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!