Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Update for Red Hat Enterprise Linux 7: Evolution Security RHSA-2020-1080-01

red hat
Calendar Grey March 31, 2020
Dist Redhat Esm H88
A new update for Evolution on Fedora tackles moderate security vulnerabilities and provides essential bug resolutions. Discover more details today.
An update for evolution, evolution-data-server, evolution-ews, and atk is now available for Red Hat Enterprise Linux 7

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Evolution must be restarted for this update to take effect.

Summary

Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality.
The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications.
Security Fix(es):
* evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages (CVE-2018-15587)
* evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts (CVE-2019-3890)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory moderate security issue update bug fix Red Hat Enterprise Linux evolution

References

https://access.redhat.com/security/cve/CVE-2018-15587 https://access.redhat.com/security/cve/CVE-2019-3890 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/7.8_release_notes/index

Package List

Red Hat Enterprise Linux Client (v. 7):
Source: atk-2.28.1-2.el7.src.rpm evolution-3.28.5-8.el7.src.rpm evolution-data-server-3.28.5-4.el7.src.rpm evolution-ews-3.28.5-5.el7.src.rpm
noarch: evolution-data-server-langpacks-3.28.5-4.el7.noarch.rpm evolution-ews-langpacks-3.28.5-5.el7.noarch.rpm evolution-help-3.28.5-8.el7.noarch.rpm evolution-langpacks-3.28.5-8.el7.noarch.rpm
x86_64: atk-2.28.1-2.el7.i686.rpm atk-2.28.1-2.el7.x86_64.rpm atk-debuginfo-2.28.1-2.el7.i686.rpm atk-debuginfo-2.28.1-2.el7.x86_64.rpm evolution-3.28.5-8.el7.i686.rpm evolution-3.28.5-8.el7.x86_64.rpm evolution-data-server-3.28.5-4.el7.i686.rpm evolution-data-server-3.28.5-4.el7.x86_64.rpm evolution-data-server-debuginfo-3.28.5-4.el7.i686.rpm evolution-data-server-debuginfo-3.28.5-4.el7.x86_64.rpm evolution-debuginfo-3.28.5-8.el7.i686.rpm evolution-debuginfo-3.28.5-8.el7.x86_64.rpm evolution-ews-3.28.5-5.el7.i686.rpm evolution-ews-3.28.5-5.el7.x86_64.rpm evolution-ews-debuginfo-3.28.5-5.el7.i686.rpm evolution-ews-debuginfo-3.28.5-5.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: evolution-data-server-doc-3.28.5-4.el7.noarch.rpm evolution-devel-docs-3.28.5-8.el7.noarch.rpm
x86_64: atk-debuginfo-2.28.1-2.el7.i686.rpm atk-debuginfo-2.28.1-2.el7.x86_64.rpm

Read the Full Advisory


Advisory ID: RHSA-2020:1080-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1080
Issue date: 2020-03-31

Topic

An update for evolution, evolution-data-server, evolution-ews, and atk isnow available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate security issue update bug fix Red Hat Enterprise Linux evolution

Relevant Releases Architectures

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

Bugs Fixed

1392567 - Sync CategoryList with mail Labels

1677650 - CVE-2018-15587 evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages

1678313 - CVE-2019-3890 evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts

1753122 - GalA11yETableItem: Incorrect implementation of AtkObjectClass::ref_child()

1753123 - Leaks AtkGObjectAccessible objects

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here