Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Debian: DSA-1924-3 Urgent: OpenSSL TLS Vulnerability Detected

debian
Calendar Grey July 22, 2009
Scroller Debian
Ubuntu Security Notice USN-4817-1 addresses vulnerabilities in GnuTLS impacting TLS/SSL protocols.
The previous update introduced a regression that stopped encrypted and signed S/MIME messages to work properly

Summary

Several vulnerabilities have been found in evolution-data-server, the
database backend server for the evolution groupware suite. The Common
Vulnerabilities and Exposures project identifies the following problems:


CVE-2009-0587

It was discovered that evolution-data-server is prone to integer
overflows triggered by large base64 strings.

CVE-2009-0547

Joachim Breitner discovered that S/MIME signatures are not verified
properly, which can lead to spoofing attacks.

CVE-2009-0582

It was discovered that NTLM authentication challenge packets are not
validated properly when using the NTLM authentication method, which
could lead to an information disclosure or a denial of service.


For the oldstable distribution (etch), these problems have been fixed in
version 1.6.3-5etch3.

For the stable distribution (lenny), these problems have been fixed in
version 2.22.3-1.1+lenny2.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 2.26.1.1-1.


We recommend ...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.