Red Hat Enterprise Linux 5 RHSA-2007:0344-01 Moderate APOP Security Risk

Updated evolution-data-server package that fixes a security bug are now available for Red Hat Enterprise Linux 5.A flaw was found in the way evolution-data-server processed certain APOP authentication requests. By sending certain responses when evolution-data-server attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Moderate: evolution-data-server security update
Advisory ID:       RHSA-2007:0344-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0344.html
Issue date:        2007-05-30
Updated on:        2007-05-30
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1558 
- ---------------------------------------------------------------------1. Summary:

Updated evolution-data-server package that fixes a security bug are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The evolution-data-server package provides a unified backend for programs
that work with contacts, tasks, and calendar information.

A flaw was found in the way evolution-data-server processed certain APOP
authentication requests. By sending certain responses when
evolution-data-server attempted to authenticate against an APOP server, a
remote attacker could potentially acquire certain portions of a user's
authentication credentials. (CVE-2007-1558)

All users of evolution-data-server should upgrade to these updated
packages, which contain a backported patch which resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (https://bugzilla.redhat.com/):

235289 - CVE-2007-1558 Evolution APOP information disclosure

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
2dc38ea8fd12a3654ddf4bd36dd3f0c8  evolution-data-server-1.8.0-15.0.3.el5.src.rpm

i386:
12a37eee5ad4c2a982eebefd8b2d5686  evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
f763fab632e616cd201ca80e9f54010c  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm

x86_64:
12a37eee5ad4c2a982eebefd8b2d5686  evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
e9049a57a4a46768187c942d09ed18e1  evolution-data-server-1.8.0-15.0.3.el5.x86_64.rpm
f763fab632e616cd201ca80e9f54010c  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
7f6536db1f877c1b4f7c741fa0d39205  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
2dc38ea8fd12a3654ddf4bd36dd3f0c8  evolution-data-server-1.8.0-15.0.3.el5.src.rpm

i386:
f763fab632e616cd201ca80e9f54010c  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
85d93f27c86928de6a3e861f3c9dc68c  evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm

x86_64:
f763fab632e616cd201ca80e9f54010c  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
7f6536db1f877c1b4f7c741fa0d39205  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.x86_64.rpm
85d93f27c86928de6a3e861f3c9dc68c  evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm
89bff966c9bec550c442038a2028135c  evolution-data-server-devel-1.8.0-15.0.3.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
2dc38ea8fd12a3654ddf4bd36dd3f0c8  evolution-data-server-1.8.0-15.0.3.el5.src.rpm

i386:
12a37eee5ad4c2a982eebefd8b2d5686  evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
f763fab632e616cd201ca80e9f54010c  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
85d93f27c86928de6a3e861f3c9dc68c  evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm

ia64:
6ba76e70eb9826231d246797ab6b21c7  evolution-data-server-1.8.0-15.0.3.el5.ia64.rpm
da4300ef017ecd2c01853894b47b2e6b  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.ia64.rpm
2662f80f6af03a05e2d064b2ace99c24  evolution-data-server-devel-1.8.0-15.0.3.el5.ia64.rpm

ppc:
4539079a11bca9401812c12d59ceb6e1  evolution-data-server-1.8.0-15.0.3.el5.ppc.rpm
77b4f4f8897286bc0d10d51e32838572  evolution-data-server-1.8.0-15.0.3.el5.ppc64.rpm
4b37d2c9d8512fda671864484d550833  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.ppc.rpm
28cb1a7aad5d3be6adfe3e09009ddbb5  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.ppc64.rpm
179b33eab82f94e18069641ae5c252aa  evolution-data-server-devel-1.8.0-15.0.3.el5.ppc.rpm
54367c5a72247c9acc6663e164fe8839  evolution-data-server-devel-1.8.0-15.0.3.el5.ppc64.rpm

s390x:
e845ec48cdc8df471d5d114a93e21344  evolution-data-server-1.8.0-15.0.3.el5.s390.rpm
c0c440eb4ed5dd2d930434a3a92a8461  evolution-data-server-1.8.0-15.0.3.el5.s390x.rpm
1c4626a99ac75f4b68598e1c2c324b6a  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.s390.rpm
e47ff2ee3fc82654354792db8cd458b1  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.s390x.rpm
8d834b7fe2e3c55da02516402f5b5970  evolution-data-server-devel-1.8.0-15.0.3.el5.s390.rpm
88b102e274ed7c5eac65147b3922b567  evolution-data-server-devel-1.8.0-15.0.3.el5.s390x.rpm

x86_64:
12a37eee5ad4c2a982eebefd8b2d5686  evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
e9049a57a4a46768187c942d09ed18e1  evolution-data-server-1.8.0-15.0.3.el5.x86_64.rpm
f763fab632e616cd201ca80e9f54010c  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
7f6536db1f877c1b4f7c741fa0d39205  evolution-data-server-debuginfo-1.8.0-15.0.3.el5.x86_64.rpm
85d93f27c86928de6a3e861f3c9dc68c  evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm
89bff966c9bec550c442038a2028135c  evolution-data-server-devel-1.8.0-15.0.3.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2007-1558
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

Red Hat Enterprise Linux 5 RHSA-2007:0344-01 Moderate APOP Security Risk

red hat

May 30, 2007

Updated evolution-data-server package that fixes a security bug are now available for Red Hat Enterprise Linux 5.A flaw was found in the way evolution-data-server processed certai...

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bug IDs fixed (https://bugzilla.redhat.com/):

235289 - CVE-2007-1558 Evolution APOP information disclosure

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS: 2dc38ea8fd12a3654ddf4bd36dd3f0c8 evolution-data-server-1.8.0-15.0.3.el5.src.rpm

i386: 12a37eee5ad4c2a982eebefd8b2d5686 evolution-data-server-1.8.0-15.0.3.el5.i386.rpm f763fab632e616cd201ca80e9f54010c evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS: 2dc38ea8fd12a3654ddf4bd36dd3f0c8 evolution-data-server-1.8.0-15.0.3.el5.src.rpm

i386: f763fab632e616cd201ca80e9f54010c evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm 85d93f27c86928de6a3e861f3c9dc68c evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm

x86_64: f763fab632e616cd201ca80e9f54010c evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm 7f6536db1f877c1b4f7c741fa0d39205 evolution-data-server-debuginfo-1.8.0-15.0.3.el5.x86_64.rpm 85d93f27c86928de6a3e861f3c9dc68c evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm 89bff966c9bec550c442038a2028135c evolution-data-server-devel-1.8.0-15.0.3.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS: 2dc38ea8fd12a3654ddf4bd36dd3f0c8 evolution-data-server-1.8.0-15.0.3.el5.src.rpm

i386: 12a37eee5ad4c2a982eebefd8b2d5686 evolution-data-server-1.8.0-15.0.3.el5.i386.rpm f763fab632e616cd201ca80e9f54010c evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm 85d93f27c86928de6a3e861f3c9dc68c evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm

ia64: 6ba76e70eb9826231d246797ab6b21c7 evolution-data-server-1.8.0-15.0.3.el5.ia64.rpm da4300ef017ecd2c01853894b47b2e6b evolution-data-server-debuginfo-1.8.0-15.0.3.el5.ia64.rpm 2662f80f6af03a05e2d064b2ace99c24 evolution-data-server-devel-1.8.0-15.0.3.el5.ia64.rpm

ppc: 4539079a11bca9401812c12d59ceb6e1 evolution-data-server-1.8.0-15.0.3.el5.ppc.rpm 77b4f4f8897286bc0d10d51e32838572 evolution-data-server-1.8.0-15.0.3.el5.ppc64.rpm 4b37d2c9d8512fda671864484d550833 evolution-data-server-debuginfo-1.8.0-15.0.3.el5.ppc.rpm 28cb1a7aad5d3be6adfe3e09009ddbb5 evolution-data-server-debuginfo-1.8.0-15.0.3.el5.ppc64.rpm 179b33eab82f94e18069641ae5c252aa evolution-data-server-devel-1.8.0-15.0.3.el5.ppc.rpm 54367c5a72247c9acc6663e164fe8839 evolution-data-server-devel-1.8.0-15.0.3.el5.ppc64.rpm

s390x: e845ec48cdc8df471d5d114a93e21344 evolution-data-server-1.8.0-15.0.3.el5.s390.rpm c0c440eb4ed5dd2d930434a3a92a8461 evolution-data-server-1.8.0-15.0.3.el5.s390x.rpm 1c4626a99ac75f4b68598e1c2c324b6a evolution-data-server-debuginfo-1.8.0-15.0.3.el5.s390.rpm e47ff2ee3fc82654354792db8cd458b1 evolution-data-server-debuginfo-1.8.0-15.0.3.el5.s390x.rpm 8d834b7fe2e3c55da02516402f5b5970 evolution-data-server-devel-1.8.0-15.0.3.el5.s390.rpm 88b102e274ed7c5eac65147b3922b567 evolution-data-server-devel-1.8.0-15.0.3.el5.s390x.rpm

x86_64: 12a37eee5ad4c2a982eebefd8b2d5686 evolution-data-server-1.8.0-15.0.3.el5.i386.rpm e9049a57a4a46768187c942d09ed18e1 evolution-data-server-1.8.0-15.0.3.el5.x86_64.rpm f763fab632e616cd201ca80e9f54010c evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm 7f6536db1f877c1b4f7c741fa0d39205 evolution-data-server-debuginfo-1.8.0-15.0.3.el5.x86_64.rpm 85d93f27c86928de6a3e861f3c9dc68c evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm 89bff966c9bec550c442038a2028135c evolution-data-server-devel-1.8.0-15.0.3.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

Summary

Topics Covered

security advisory moderate security update security issue Red Hat Enterprise Linux evolution-data-server APOP authentication

References

https://www.cve.org/CVERecord?id=CVE-2007-1558 https://access.redhat.com/security/updates/classification#moderate

Package List

Advisory ID: RHSA-2007:0344-01

Advisory URL: https://access.redhat.com/errata/RHSA-2007:0344.html

Issue date: 2007-05-30

Updated on: 2007-05-30

Product: Red Hat Enterprise Linux

Topic

Topics Covered

security advisory moderate security update security issue Red Hat Enterprise Linux evolution-data-server APOP authentication

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

RHEL Desktop Workstation (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Red Hat Enterprise Linux 5 RHSA-2007:0344-01 Moderate APOP Security Risk

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Red Hat Enterprise Linux 5 RHSA-2007:0344-01 Moderate APOP Security Risk

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Red Hat Enterprise Linux 5 RHSA-2007:0344-01 Moderate APOP Security Risk

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Red Hat Enterprise Linux 5 RHSA-2007:0344-01 Moderate APOP Security Risk

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!