Evolution Data Server could be made to expose sensitive information over
the network.
Software Description:
- evolution-data-server: Evolution suite data server
Details:
It was discovered that Evolution Data Server incorrectly handled STARTTLS
when using SMTP and POP3. A remote attacker could possibly use this issue
to perform a response injection attack.
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: evolution-data-server 3.36.3-0ubuntu1.1 evolution-data-server-common 3.36.3-0ubuntu1.1 libcamel-1.2-62 3.36.3-0ubuntu1.1 libebackend-1.2-10 3.36.3-0ubuntu1.1 libedataserver-1.2-24 3.36.3-0ubuntu1.1 Ubuntu 18.04 LTS: evolution-data-server 3.28.5-0ubuntu0.18.04.3 evolution-data-server-common 3.28.5-0ubuntu0.18.04.3 libcamel-1.2-61 3.28.5-0ubuntu0.18.04.3 libebackend-1.2-10 3.28.5-0ubuntu0.18.04.3 libedataserver-1.2-23 3.28.5-0ubuntu0.18.04.3 Ubuntu 16.04 LTS: evolution-data-server 3.18.5-1ubuntu1.3 evolution-data-server-common 3.18.5-1ubuntu1.3 libcamel-1.2-54 3.18.5-1ubuntu1.3 libebackend-1.2-10 3.18.5-1ubuntu1.3 libedataserver-1.2-21 3.18.5-1ubuntu1.3 After a standard system update you need to restart your session to make all the necessary changes.
https://ubuntu.com/security/notices/USN-4429-1
CVE-2020-14928
Get the latest Linux and open source security news straight to your inbox.