Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 42 articles for you...
87

Debian Bullseye: DSA-5396-2 Critical Update For Evolution Software

The webkit2gtk update released as 5396-1 introduced a compatibility problem that caused Evolution to display e-mail incorrectly. Evolution has been updated to solve this issue. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5396-2 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Alberto Garcia May 04, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : evolution Debian Bug : 1035469 The webkit2gtk update released as 5396-1 introduced a compatibility problem that caused Evolution to display e-mail incorrectly. Evolution has been updated to solve this issue. For the stable distribution (bullseye), this problem has been fixed in version 3.38.3-1+deb11u2. We recommend that you upgrade your evolution packages. For the detailed security status of evolution please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/evolution Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Ubuntu has issued a patch for Thunderbird to resolve integration problems stemming from an earlier version. Update strongly advised.. Debian Security Advisory, Evolution Software, Compatibility Issue. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 04, 2023 Critical Debian
98

Red Hat Enterprise Linux 8 RHSA-2021-1752-01 Low Impact: Evolution Bug Fix

An update for evolution, evolution-data-server, and evolution-ews is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: evolution security, bug fix, and enhancement update Advisory ID: RHSA-2021:1752-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1752 Issue date: 2021-05-18 CVE Names: CVE-2020-16117 ==================================================================== 1. Summary: An update for evolution, evolution-data-server, and evolution-ews is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications. Security Fix(es): * evolution-data-server: NULL pointer dereference related to imapx_free_capability and imapx_connect_to_server (CVE-2020-16117) For more details about the security issue(s), including theimpact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Evolution must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1862125 - CVE-2020-16117 evolution-data-server: NULL pointer dereference related to imapx_free_capability and imapx_connect_to_server 1883619 - ECalendarItem: Settings loaded only when being shown 1885229 - Allow change of the Microsoft 365 OAuth2 endpoints 1886026 - Simplify OAuth2 for outlook.office365.com server 1902630 - Crash on file drag into mail composer with WebKitGTK 2.30 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: evolution-3.28.5-16.el8.src.rpm evolution-data-server-3.28.5-15.el8.src.rpm evolution-ews-3.28.5-10.el8.src.rpm aarch64: evolution-3.28.5-16.el8.aarch64.rpm evolution-bogofilter-3.28.5-16.el8.aarch64.rpm evolution-bogofilter-debuginfo-3.28.5-16.el8.aarch64.rpm evolution-data-server-3.28.5-15.el8.aarch64.rpm evolution-data-server-debuginfo-3.28.5-15.el8.aarch64.rpm evolution-data-server-debugsource-3.28.5-15.el8.aarch64.rpm evolution-data-server-devel-3.28.5-15.el8.aarch64.rpm evolution-data-server-tests-debuginfo-3.28.5-15.el8.aarch64.rpm evolution-debuginfo-3.28.5-16.el8.aarch64.rpm evolution-debugsource-3.28.5-16.el8.aarch64.rpm evolution-ews-3.28.5-10.el8.aarch64.rpm evolution-ews-debuginfo-3.28.5-10.el8.aarch64.rpm evolution-ews-debugsource-3.28.5-10.el8.aarch64.rpm evolution-pst-3.28.5-16.el8.aarch64.rpm evolution-pst-debuginfo-3.28.5-16.el8.aarch64.rpm evolution-spamassassin-3.28.5-16.el8.aarch64.rpm evolution-spamassassin-debuginfo-3.28.5-16.el8.aarch64.rpm noarch: evolution-data-server-langpacks-3.28.5-15.el8.noarch.rpm evolution-ews-langpacks-3.28.5-10.el8.noarch.rpm evolution-help-3.28.5-16.el8.noarch.rpm evolution-langpacks-3.28.5-16.el8.noarch.rpm ppc64le: evolution-3.28.5-16.el8.ppc64le.rpm evolution-bogofilter-3.28.5-16.el8.ppc64le.rpm evolution-bogofilter-debuginfo-3.28.5-16.el8.ppc64le.rpm evolution-data-server-3.28.5-15.el8.ppc64le.rpm evolution-data-server-debuginfo-3.28.5-15.el8.ppc64le.rpm evolution-data-server-debugsource-3.28.5-15.el8.ppc64le.rpm evolution-data-server-devel-3.28.5-15.el8.ppc64le.rpm evolution-data-server-tests-debuginfo-3.28.5-15.el8.ppc64le.rpm evolution-debuginfo-3.28.5-16.el8.ppc64le.rpm evolution-debugsource-3.28.5-16.el8.ppc64le.rpm evolution-ews-3.28.5-10.el8.ppc64le.rpm evolution-ews-debuginfo-3.28.5-10.el8.ppc64le.rpm evolution-ews-debugsource-3.28.5-10.el8.ppc64le.rpm evolution-pst-3.28.5-16.el8.ppc64le.rpm evolution-pst-debuginfo-3.28.5-16.el8.ppc64le.rpm evolution-spamassassin-3.28.5-16.el8.ppc64le.rpm evolution-spamassassin-debuginfo-3.28.5-16.el8.ppc64le.rpm s390x: evolution-3.28.5-16.el8.s390x.rpm evolution-bogofilter-3.28.5-16.el8.s390x.rpm evolution-bogofilter-debuginfo-3.28.5-16.el8.s390x.rpm evolution-data-server-3.28.5-15.el8.s390x.rpm evolution-data-server-debuginfo-3.28.5-15.el8.s390x.rpm evolution-data-server-debugsource-3.28.5-15.el8.s390x.rpm evolution-data-server-devel-3.28.5-15.el8.s390x.rpm evolution-data-server-tests-debuginfo-3.28.5-15.el8.s390x.rpm evolution-debuginfo-3.28.5-16.el8.s390x.rpm evolution-debugsource-3.28.5-16.el8.s390x.rpm evolution-ews-3.28.5-10.el8.s390x.rpm evolution-ews-debuginfo-3.28.5-10.el8.s390x.rpm evolution-ews-debugsource-3.28.5-10.el8.s390x.rpm evolution-pst-3.28.5-16.el8.s390x.rpm evolution-pst-debuginfo-3.28.5-16.el8.s390x.rpm evolution-spamassassin-3.28.5-16.el8.s390x.rpm evolution-spamassassin-debuginfo-3.28.5-16.el8.s390x.rpm x86_64: evolution-3.28.5-16.el8.x86_64.rpm evolution-bogofilter-3.28.5-16.el8.x86_64.rpm evolution-bogofilter-debuginfo-3.28.5-16.el8.x86_64.rpm evolution-data-server-3.28.5-15.el8.i686.rpm evolution-data-server-3.28.5-15.el8.x86_64.rpm evolution-data-server-debuginfo-3.28.5-15.el8.i686.rpm evolution-data-server-debuginfo-3.28.5-15.el8.x86_64.rpm evolution-data-server-debugsource-3.28.5-15.el8.i686.rpm evolution-data-server-debugsource-3.28.5-15.el8.x86_64.rpm evolution-data-server-devel-3.28.5-15.el8.i686.rpm evolution-data-server-devel-3.28.5-15.el8.x86_64.rpm evolution-data-server-tests-debuginfo-3.28.5-15.el8.i686.rpm evolution-data-server-tests-debuginfo-3.28.5-15.el8.x86_64.rpm evolution-debuginfo-3.28.5-16.el8.x86_64.rpm evolution-debugsource-3.28.5-16.el8.x86_64.rpm evolution-ews-3.28.5-10.el8.x86_64.rpm evolution-ews-debuginfo-3.28.5-10.el8.x86_64.rpm evolution-ews-debugsource-3.28.5-10.el8.x86_64.rpm evolution-pst-3.28.5-16.el8.x86_64.rpm evolution-pst-debuginfo-3.28.5-16.el8.x86_64.rpm evolution-spamassassin-3.28.5-16.el8.x86_64.rpm evolution-spamassassin-debuginfo-3.28.5-16.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v.8): aarch64: evolution-bogofilter-debuginfo-3.28.5-16.el8.aarch64.rpm evolution-data-server-debuginfo-3.28.5-15.el8.aarch64.rpm evolution-data-server-debugsource-3.28.5-15.el8.aarch64.rpm evolution-data-server-perl-3.28.5-15.el8.aarch64.rpm evolution-data-server-tests-3.28.5-15.el8.aarch64.rpm evolution-data-server-tests-debuginfo-3.28.5-15.el8.aarch64.rpm evolution-debuginfo-3.28.5-16.el8.aarch64.rpm evolution-debugsource-3.28.5-16.el8.aarch64.rpm evolution-devel-3.28.5-16.el8.aarch64.rpm evolution-pst-debuginfo-3.28.5-16.el8.aarch64.rpm evolution-spamassassin-debuginfo-3.28.5-16.el8.aarch64.rpm noarch: evolution-data-server-doc-3.28.5-15.el8.noarch.rpm ppc64le: evolution-bogofilter-debuginfo-3.28.5-16.el8.ppc64le.rpm evolution-data-server-debuginfo-3.28.5-15.el8.ppc64le.rpm evolution-data-server-debugsource-3.28.5-15.el8.ppc64le.rpm evolution-data-server-perl-3.28.5-15.el8.ppc64le.rpm evolution-data-server-tests-3.28.5-15.el8.ppc64le.rpm evolution-data-server-tests-debuginfo-3.28.5-15.el8.ppc64le.rpm evolution-debuginfo-3.28.5-16.el8.ppc64le.rpm evolution-debugsource-3.28.5-16.el8.ppc64le.rpm evolution-devel-3.28.5-16.el8.ppc64le.rpm evolution-pst-debuginfo-3.28.5-16.el8.ppc64le.rpm evolution-spamassassin-debuginfo-3.28.5-16.el8.ppc64le.rpm s390x: evolution-bogofilter-debuginfo-3.28.5-16.el8.s390x.rpm evolution-data-server-debuginfo-3.28.5-15.el8.s390x.rpm evolution-data-server-debugsource-3.28.5-15.el8.s390x.rpm evolution-data-server-perl-3.28.5-15.el8.s390x.rpm evolution-data-server-tests-3.28.5-15.el8.s390x.rpm evolution-data-server-tests-debuginfo-3.28.5-15.el8.s390x.rpm evolution-debuginfo-3.28.5-16.el8.s390x.rpm evolution-debugsource-3.28.5-16.el8.s390x.rpm evolution-devel-3.28.5-16.el8.s390x.rpm evolution-pst-debuginfo-3.28.5-16.el8.s390x.rpm evolution-spamassassin-debuginfo-3.28.5-16.el8.s390x.rpm x86_64: evolution-bogofilter-debuginfo-3.28.5-16.el8.i686.rpm evolution-bogofilter-debuginfo-3.28.5-16.el8.x86_64.rpm evolution-data-server-debuginfo-3.28.5-15.el8.i686.rpm evolution-data-server-debuginfo-3.28.5-15.el8.x86_64.rpm evolution-data-server-debugsource-3.28.5-15.el8.i686.rpm evolution-data-server-debugsource-3.28.5-15.el8.x86_64.rpm evolution-data-server-perl-3.28.5-15.el8.x86_64.rpm evolution-data-server-tests-3.28.5-15.el8.i686.rpm evolution-data-server-tests-3.28.5-15.el8.x86_64.rpm evolution-data-server-tests-debuginfo-3.28.5-15.el8.i686.rpm evolution-data-server-tests-debuginfo-3.28.5-15.el8.x86_64.rpm evolution-debuginfo-3.28.5-16.el8.i686.rpm evolution-debuginfo-3.28.5-16.el8.x86_64.rpm evolution-debugsource-3.28.5-16.el8.i686.rpm evolution-debugsource-3.28.5-16.el8.x86_64.rpm evolution-devel-3.28.5-16.el8.i686.rpm evolution-devel-3.28.5-16.el8.x86_64.rpm evolution-pst-debuginfo-3.28.5-16.el8.i686.rpm evolution-pst-debuginfo-3.28.5-16.el8.x86_64.rpm evolution-spamassassin-debuginfo-3.28.5-16.el8.i686.rpm evolution-spamassassin-debuginfo-3.28.5-16.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-16117 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYKPwHtzjgjWX9erEAQghpw/9H55Trf+AX3xW2qDPoNpYka4UcrlUIc40 WJF72phRvA1+I3A1fLV/SyzTgsM59yZi7pi6wqNeulO6kXp370IOR3GCRMQu3mpg /dFMmc2Z1ZQvckY9KCw+RIM1Nh2BRNLdPp+BwubFEA2vUJ0lMG8aJtsyUtDqhOyc P/e6Kk3JEfKw7k5X9zcA+IK1SVtPbKX6d+Wj01d4ta4tj+mSuI9CQ8xwB0CHOPgN D8nHl1lj7WJcqsTD0hZrwpP0lu2j5icyD91aIFLz4PVAuBlBn/h2N8HyApfJRjRl cG8mhhh6R+tQqwMPTDtyEoNpchSZ2kJXTfX0m2WdzoGJgS3vp52euX6e9hkY3omB NGckTqVOpK/+h6XRO/xUi/BQO68T9INIuy7JZWnvlYe/3jD+ZgXDf3FgzcvD8XGx +74egTeUrth5ogKhtkxe1GeUTjrSo2+eUrzyrdwbaZtYYT69BjeNPYJfRiDuMXA+ yLICn15vN5aK8kNRIoS2uqkjryaEYh3xIGAUlLX162TyGn7BJVgd9i7CwnaYLkpV dc4RK0IVMsHbwLygHsTNcahTFtl6G8MZy4yg7BevtrTlErW++tBBY/zj5RzW1oxU Y3SGF2RC6kxgnRPACGiA7J6EzmoPj1HVdxeMXA+YemT42/T1+J8wCY5wsy1gCYK7 zen7h29zMQE=B1In -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://listman.redhat.com/mailman/listinfo/rhsa-announce . New patches for evolution, data-server, and evolution-ews have been released. Minor security updates for Red Hat Enterprise Linux 8.. Red Hat Enterprise Linux,evolution application,bug fixes,security updates. . Severity: Low. LinuxSecurity.com Team

Calendar%202 May 18, 2021 Low Red Hat
98

Red Hat: RHSA-2020-4649-01 Low: Evolution Response Injection in SMTP

An update for bogofilter, evolution, evolution-data-server, evolution-mapi, and openchange is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: evolution security and bug fix update Advisory ID: RHSA-2020:4649-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4649 Issue date: 2020-11-03 CVE Names: CVE-2020-14928 ==================================================================== 1. Summary: An update for bogofilter, evolution, evolution-data-server, evolution-mapi, and openchange is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications. OpenChange provides libraries to access Microsoft Exchange servers using native protocols. Security Fix(es): * evolution-data-server: Response injection via STARTTLS in SMTPand POP3 (CVE-2020-14928) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Evolution must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1825447 - openchange: does not rebuild with samba-4.11.2-7.el8 1836165 - Cannot type the date of a meeting 1836279 - Please upgrade to bogofilter 1.2.5 1857470 - CVE-2020-14928 evolution-data-server: Response injection via STARTTLS in SMTP and POP3 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: bogofilter-1.2.5-2.el8.src.rpm evolution-3.28.5-14.el8.src.rpm evolution-data-server-3.28.5-14.el8.src.rpm evolution-mapi-3.28.3-3.el8.src.rpm openchange-2.3-26.el8.src.rpm aarch64: bogofilter-1.2.5-2.el8.aarch64.rpm bogofilter-debuginfo-1.2.5-2.el8.aarch64.rpm bogofilter-debugsource-1.2.5-2.el8.aarch64.rpm evolution-3.28.5-14.el8.aarch64.rpm evolution-bogofilter-3.28.5-14.el8.aarch64.rpm evolution-bogofilter-debuginfo-3.28.5-14.el8.aarch64.rpm evolution-data-server-3.28.5-14.el8.aarch64.rpm evolution-data-server-debuginfo-3.28.5-14.el8.aarch64.rpm evolution-data-server-debugsource-3.28.5-14.el8.aarch64.rpm evolution-data-server-devel-3.28.5-14.el8.aarch64.rpm evolution-data-server-tests-debuginfo-3.28.5-14.el8.aarch64.rpm evolution-debuginfo-3.28.5-14.el8.aarch64.rpm evolution-debugsource-3.28.5-14.el8.aarch64.rpm evolution-mapi-3.28.3-3.el8.aarch64.rpm evolution-mapi-debuginfo-3.28.3-3.el8.aarch64.rpm evolution-mapi-debugsource-3.28.3-3.el8.aarch64.rpm evolution-pst-3.28.5-14.el8.aarch64.rpm evolution-pst-debuginfo-3.28.5-14.el8.aarch64.rpm evolution-spamassassin-3.28.5-14.el8.aarch64.rpm evolution-spamassassin-debuginfo-3.28.5-14.el8.aarch64.rpm openchange-2.3-26.el8.aarch64.rpm openchange-client-debuginfo-2.3-26.el8.aarch64.rpm openchange-debuginfo-2.3-26.el8.aarch64.rpm openchange-debugsource-2.3-26.el8.aarch64.rpm noarch: evolution-data-server-langpacks-3.28.5-14.el8.noarch.rpm evolution-help-3.28.5-14.el8.noarch.rpm evolution-langpacks-3.28.5-14.el8.noarch.rpm evolution-mapi-langpacks-3.28.3-3.el8.noarch.rpm ppc64le: bogofilter-1.2.5-2.el8.ppc64le.rpm bogofilter-debuginfo-1.2.5-2.el8.ppc64le.rpm bogofilter-debugsource-1.2.5-2.el8.ppc64le.rpm evolution-3.28.5-14.el8.ppc64le.rpm evolution-bogofilter-3.28.5-14.el8.ppc64le.rpm evolution-bogofilter-debuginfo-3.28.5-14.el8.ppc64le.rpm evolution-data-server-3.28.5-14.el8.ppc64le.rpm evolution-data-server-debuginfo-3.28.5-14.el8.ppc64le.rpm evolution-data-server-debugsource-3.28.5-14.el8.ppc64le.rpm evolution-data-server-devel-3.28.5-14.el8.ppc64le.rpm evolution-data-server-tests-debuginfo-3.28.5-14.el8.ppc64le.rpm evolution-debuginfo-3.28.5-14.el8.ppc64le.rpm evolution-debugsource-3.28.5-14.el8.ppc64le.rpm evolution-mapi-3.28.3-3.el8.ppc64le.rpm evolution-mapi-debuginfo-3.28.3-3.el8.ppc64le.rpm evolution-mapi-debugsource-3.28.3-3.el8.ppc64le.rpm evolution-pst-3.28.5-14.el8.ppc64le.rpm evolution-pst-debuginfo-3.28.5-14.el8.ppc64le.rpm evolution-spamassassin-3.28.5-14.el8.ppc64le.rpm evolution-spamassassin-debuginfo-3.28.5-14.el8.ppc64le.rpm openchange-2.3-26.el8.ppc64le.rpm openchange-client-debuginfo-2.3-26.el8.ppc64le.rpm openchange-debuginfo-2.3-26.el8.ppc64le.rpm openchange-debugsource-2.3-26.el8.ppc64le.rpm s390x: bogofilter-1.2.5-2.el8.s390x.rpm bogofilter-debuginfo-1.2.5-2.el8.s390x.rpm bogofilter-debugsource-1.2.5-2.el8.s390x.rpm evolution-3.28.5-14.el8.s390x.rpm evolution-bogofilter-3.28.5-14.el8.s390x.rpm evolution-bogofilter-debuginfo-3.28.5-14.el8.s390x.rpm evolution-data-server-3.28.5-14.el8.s390x.rpm evolution-data-server-debuginfo-3.28.5-14.el8.s390x.rpm evolution-data-server-debugsource-3.28.5-14.el8.s390x.rpm evolution-data-server-devel-3.28.5-14.el8.s390x.rpm evolution-data-server-tests-debuginfo-3.28.5-14.el8.s390x.rpm evolution-debuginfo-3.28.5-14.el8.s390x.rpm evolution-debugsource-3.28.5-14.el8.s390x.rpm evolution-mapi-3.28.3-3.el8.s390x.rpm evolution-mapi-debuginfo-3.28.3-3.el8.s390x.rpm evolution-mapi-debugsource-3.28.3-3.el8.s390x.rpm evolution-pst-3.28.5-14.el8.s390x.rpm evolution-pst-debuginfo-3.28.5-14.el8.s390x.rpm evolution-spamassassin-3.28.5-14.el8.s390x.rpm evolution-spamassassin-debuginfo-3.28.5-14.el8.s390x.rpm openchange-2.3-26.el8.s390x.rpm openchange-client-debuginfo-2.3-26.el8.s390x.rpm openchange-debuginfo-2.3-26.el8.s390x.rpm openchange-debugsource-2.3-26.el8.s390x.rpm x86_64: bogofilter-1.2.5-2.el8.x86_64.rpm bogofilter-debuginfo-1.2.5-2.el8.x86_64.rpm bogofilter-debugsource-1.2.5-2.el8.x86_64.rpm evolution-3.28.5-14.el8.x86_64.rpm evolution-bogofilter-3.28.5-14.el8.x86_64.rpm evolution-bogofilter-debuginfo-3.28.5-14.el8.x86_64.rpm evolution-data-server-3.28.5-14.el8.i686.rpm evolution-data-server-3.28.5-14.el8.x86_64.rpm evolution-data-server-debuginfo-3.28.5-14.el8.i686.rpm evolution-data-server-debuginfo-3.28.5-14.el8.x86_64.rpm evolution-data-server-debugsource-3.28.5-14.el8.i686.rpm evolution-data-server-debugsource-3.28.5-14.el8.x86_64.rpm evolution-data-server-devel-3.28.5-14.el8.i686.rpm evolution-data-server-devel-3.28.5-14.el8.x86_64.rpm evolution-data-server-tests-debuginfo-3.28.5-14.el8.i686.rpm evolution-data-server-tests-debuginfo-3.28.5-14.el8.x86_64.rpm evolution-debuginfo-3.28.5-14.el8.x86_64.rpm evolution-debugsource-3.28.5-14.el8.x86_64.rpm evolution-mapi-3.28.3-3.el8.x86_64.rpm evolution-mapi-debuginfo-3.28.3-3.el8.x86_64.rpm evolution-mapi-debugsource-3.28.3-3.el8.x86_64.rpm evolution-pst-3.28.5-14.el8.x86_64.rpm evolution-pst-debuginfo-3.28.5-14.el8.x86_64.rpm evolution-spamassassin-3.28.5-14.el8.x86_64.rpm evolution-spamassassin-debuginfo-3.28.5-14.el8.x86_64.rpm openchange-2.3-26.el8.i686.rpm openchange-2.3-26.el8.x86_64.rpm openchange-client-debuginfo-2.3-26.el8.i686.rpm openchange-client-debuginfo-2.3-26.el8.x86_64.rpm openchange-debuginfo-2.3-26.el8.i686.rpm openchange-debuginfo-2.3-26.el8.x86_64.rpm openchange-debugsource-2.3-26.el8.i686.rpm openchange-debugsource-2.3-26.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v.8): aarch64: evolution-bogofilter-debuginfo-3.28.5-14.el8.aarch64.rpm evolution-data-server-debuginfo-3.28.5-14.el8.aarch64.rpm evolution-data-server-debugsource-3.28.5-14.el8.aarch64.rpm evolution-data-server-perl-3.28.5-14.el8.aarch64.rpm evolution-data-server-tests-3.28.5-14.el8.aarch64.rpm evolution-data-server-tests-debuginfo-3.28.5-14.el8.aarch64.rpm evolution-debuginfo-3.28.5-14.el8.aarch64.rpm evolution-debugsource-3.28.5-14.el8.aarch64.rpm evolution-devel-3.28.5-14.el8.aarch64.rpm evolution-pst-debuginfo-3.28.5-14.el8.aarch64.rpm evolution-spamassassin-debuginfo-3.28.5-14.el8.aarch64.rpm noarch: evolution-data-server-doc-3.28.5-14.el8.noarch.rpm ppc64le: evolution-bogofilter-debuginfo-3.28.5-14.el8.ppc64le.rpm evolution-data-server-debuginfo-3.28.5-14.el8.ppc64le.rpm evolution-data-server-debugsource-3.28.5-14.el8.ppc64le.rpm evolution-data-server-perl-3.28.5-14.el8.ppc64le.rpm evolution-data-server-tests-3.28.5-14.el8.ppc64le.rpm evolution-data-server-tests-debuginfo-3.28.5-14.el8.ppc64le.rpm evolution-debuginfo-3.28.5-14.el8.ppc64le.rpm evolution-debugsource-3.28.5-14.el8.ppc64le.rpm evolution-devel-3.28.5-14.el8.ppc64le.rpm evolution-pst-debuginfo-3.28.5-14.el8.ppc64le.rpm evolution-spamassassin-debuginfo-3.28.5-14.el8.ppc64le.rpm s390x: evolution-bogofilter-debuginfo-3.28.5-14.el8.s390x.rpm evolution-data-server-debuginfo-3.28.5-14.el8.s390x.rpm evolution-data-server-debugsource-3.28.5-14.el8.s390x.rpm evolution-data-server-perl-3.28.5-14.el8.s390x.rpm evolution-data-server-tests-3.28.5-14.el8.s390x.rpm evolution-data-server-tests-debuginfo-3.28.5-14.el8.s390x.rpm evolution-debuginfo-3.28.5-14.el8.s390x.rpm evolution-debugsource-3.28.5-14.el8.s390x.rpm evolution-devel-3.28.5-14.el8.s390x.rpm evolution-pst-debuginfo-3.28.5-14.el8.s390x.rpm evolution-spamassassin-debuginfo-3.28.5-14.el8.s390x.rpm x86_64: evolution-bogofilter-debuginfo-3.28.5-14.el8.i686.rpm evolution-bogofilter-debuginfo-3.28.5-14.el8.x86_64.rpm evolution-data-server-debuginfo-3.28.5-14.el8.i686.rpm evolution-data-server-debuginfo-3.28.5-14.el8.x86_64.rpm evolution-data-server-debugsource-3.28.5-14.el8.i686.rpm evolution-data-server-debugsource-3.28.5-14.el8.x86_64.rpm evolution-data-server-perl-3.28.5-14.el8.x86_64.rpm evolution-data-server-tests-3.28.5-14.el8.i686.rpm evolution-data-server-tests-3.28.5-14.el8.x86_64.rpm evolution-data-server-tests-debuginfo-3.28.5-14.el8.i686.rpm evolution-data-server-tests-debuginfo-3.28.5-14.el8.x86_64.rpm evolution-debuginfo-3.28.5-14.el8.i686.rpm evolution-debuginfo-3.28.5-14.el8.x86_64.rpm evolution-debugsource-3.28.5-14.el8.i686.rpm evolution-debugsource-3.28.5-14.el8.x86_64.rpm evolution-devel-3.28.5-14.el8.i686.rpm evolution-devel-3.28.5-14.el8.x86_64.rpm evolution-pst-debuginfo-3.28.5-14.el8.i686.rpm evolution-pst-debuginfo-3.28.5-14.el8.x86_64.rpm evolution-spamassassin-debuginfo-3.28.5-14.el8.i686.rpm evolution-spamassassin-debuginfo-3.28.5-14.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-14928 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX6I1q9zjgjWX9erEAQiwoQ//buEUtanTCbZTJzlnxxIelsIxRohRRi0f KcP8B0im8WJjk4Ie4knSyVn4xi6dhouiDviZGgk4DmVSaV53MKgK6slmnhw4Y6vk +At+mNttFlkE/0GGKsX3Gp+FYdFyrsAqg9pntMvexv7zsehGpBRBh27IHeAchdvr 5UUWk64r4GdAquArB51WdpocISh5B93kqi6y/WBL1lFpElnmgsc99FcaQtD7FzIC YFfBFLiejoPtwE9of6QIahr6EPg4cRiaVSe0MUDWy+ouesGd1M8fClmjWeswcpnY mc0CpKXsbqwa9oZFbFfQ+YC70uBX/+Z5b0nPUSrP+OZO8yyeeYIdEpT2/mLPiDFE cjo8q0fmuKquqE2jBdn+8Kx9h7S4x2RLnyg+GngmC+UYYrFdUyCUuH2/f6ezo3Fe 2bh5FyYIDh+81ljY3dItvc/cSeWGvHj4mVxaCMq5wQnbzXP9SlqGQncLRrK9PhA2 6TNCwz7nQDiW5aDoeKo7s/oWXsGI1/uBwjyWOWU06GQ8QJMcyHWbfOBUef6SpNzk T4Rl+98uKecem/xJIZUVeduCbwxsSOEz7iUVI39XNB9NJofafRUjzlQqI55Lb49A Ma2nrRleaF1F6ohQ/eF6dEQuET95MtBftKOfMN0NrSFEmSJo+pSb4DIrqRA5sC05 A0+T0YkAsF0=IWMO -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Investigate the most recent Red Hat notice regarding evolution security, featuring minimal impact upgrades and solutions for various issues.. Red Hat Security, Evolution Update, Email Security, Bug Fix, OpenChange. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Nov 04, 2020 Low Red Hat
98

Red Hat Enterprise Linux 8 RHSA-2020:1600-01 Moderate: Evolution Email Fix

An update for evolution, evolution-data-server, and evolution-ews is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: evolution security and bug fix update Advisory ID: RHSA-2020:1600-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1600 Issue date: 2020-04-28 CVE Names: CVE-2018-15587 ==================================================================== 1. Summary: An update for evolution, evolution-data-server, and evolution-ews is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, x86_64 3. Description: Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications. Security Fix(es): * evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages (CVE-2018-15587) For more details about the security issue(s), including the impact, a CVSS score,acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Evolution must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1677650 - CVE-2018-15587 evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages 1741091 - Birthday date of Contact depends on system timezone 1753220 - GalA11yETableItem: Incorrect implementation of AtkObjectClass::ref_child() 1764818 - Sync CategoryList with mail Labels 1765005 - Reject creating meetings organized by other users1778799 - New Mail account wizard ignores email address change 1788478 - EDBusServer: Delay new module load 1791547 - [abrt] [faf] test-cal-meta-backend cannot run without installed Evolution 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: evolution-3.28.5-12.el8.src.rpm evolution-data-server-3.28.5-13.el8.src.rpm evolution-ews-3.28.5-9.el8.src.rpm aarch64: evolution-3.28.5-12.el8.aarch64.rpm evolution-bogofilter-3.28.5-12.el8.aarch64.rpm evolution-bogofilter-debuginfo-3.28.5-12.el8.aarch64.rpm evolution-data-server-3.28.5-13.el8.aarch64.rpm evolution-data-server-debuginfo-3.28.5-13.el8.aarch64.rpm evolution-data-server-debugsource-3.28.5-13.el8.aarch64.rpm evolution-data-server-devel-3.28.5-13.el8.aarch64.rpm evolution-data-server-tests-debuginfo-3.28.5-13.el8.aarch64.rpm evolution-debuginfo-3.28.5-12.el8.aarch64.rpm evolution-debugsource-3.28.5-12.el8.aarch64.rpm evolution-ews-3.28.5-9.el8.aarch64.rpm evolution-ews-debuginfo-3.28.5-9.el8.aarch64.rpm evolution-ews-debugsource-3.28.5-9.el8.aarch64.rpm evolution-pst-3.28.5-12.el8.aarch64.rpm evolution-pst-debuginfo-3.28.5-12.el8.aarch64.rpm evolution-spamassassin-3.28.5-12.el8.aarch64.rpm evolution-spamassassin-debuginfo-3.28.5-12.el8.aarch64.rpm noarch: evolution-data-server-langpacks-3.28.5-13.el8.noarch.rpm evolution-ews-langpacks-3.28.5-9.el8.noarch.rpm evolution-help-3.28.5-12.el8.noarch.rpm evolution-langpacks-3.28.5-12.el8.noarch.rpm ppc64le: evolution-3.28.5-12.el8.ppc64le.rpm evolution-bogofilter-3.28.5-12.el8.ppc64le.rpm evolution-bogofilter-debuginfo-3.28.5-12.el8.ppc64le.rpm evolution-data-server-3.28.5-13.el8.ppc64le.rpm evolution-data-server-debuginfo-3.28.5-13.el8.ppc64le.rpm evolution-data-server-debugsource-3.28.5-13.el8.ppc64le.rpm evolution-data-server-devel-3.28.5-13.el8.ppc64le.rpm evolution-data-server-tests-debuginfo-3.28.5-13.el8.ppc64le.rpm evolution-debuginfo-3.28.5-12.el8.ppc64le.rpm evolution-debugsource-3.28.5-12.el8.ppc64le.rpm evolution-ews-3.28.5-9.el8.ppc64le.rpm evolution-ews-debuginfo-3.28.5-9.el8.ppc64le.rpm evolution-ews-debugsource-3.28.5-9.el8.ppc64le.rpm evolution-pst-3.28.5-12.el8.ppc64le.rpm evolution-pst-debuginfo-3.28.5-12.el8.ppc64le.rpm evolution-spamassassin-3.28.5-12.el8.ppc64le.rpm evolution-spamassassin-debuginfo-3.28.5-12.el8.ppc64le.rpm x86_64: evolution-3.28.5-12.el8.x86_64.rpm evolution-bogofilter-3.28.5-12.el8.x86_64.rpm evolution-bogofilter-debuginfo-3.28.5-12.el8.x86_64.rpm evolution-data-server-3.28.5-13.el8.i686.rpm evolution-data-server-3.28.5-13.el8.x86_64.rpm evolution-data-server-debuginfo-3.28.5-13.el8.i686.rpm evolution-data-server-debuginfo-3.28.5-13.el8.x86_64.rpm evolution-data-server-debugsource-3.28.5-13.el8.i686.rpm evolution-data-server-debugsource-3.28.5-13.el8.x86_64.rpm evolution-data-server-devel-3.28.5-13.el8.i686.rpm evolution-data-server-devel-3.28.5-13.el8.x86_64.rpm evolution-data-server-tests-debuginfo-3.28.5-13.el8.i686.rpm evolution-data-server-tests-debuginfo-3.28.5-13.el8.x86_64.rpm evolution-debuginfo-3.28.5-12.el8.x86_64.rpm evolution-debugsource-3.28.5-12.el8.x86_64.rpm evolution-ews-3.28.5-9.el8.x86_64.rpm evolution-ews-debuginfo-3.28.5-9.el8.x86_64.rpm evolution-ews-debugsource-3.28.5-9.el8.x86_64.rpm evolution-pst-3.28.5-12.el8.x86_64.rpm evolution-pst-debuginfo-3.28.5-12.el8.x86_64.rpm evolution-spamassassin-3.28.5-12.el8.x86_64.rpm evolution-spamassassin-debuginfo-3.28.5-12.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v.8): aarch64: evolution-bogofilter-debuginfo-3.28.5-12.el8.aarch64.rpm evolution-data-server-debuginfo-3.28.5-13.el8.aarch64.rpm evolution-data-server-debugsource-3.28.5-13.el8.aarch64.rpm evolution-data-server-perl-3.28.5-13.el8.aarch64.rpm evolution-data-server-tests-3.28.5-13.el8.aarch64.rpm evolution-data-server-tests-debuginfo-3.28.5-13.el8.aarch64.rpm evolution-debuginfo-3.28.5-12.el8.aarch64.rpm evolution-debugsource-3.28.5-12.el8.aarch64.rpm evolution-devel-3.28.5-12.el8.aarch64.rpm evolution-pst-debuginfo-3.28.5-12.el8.aarch64.rpm evolution-spamassassin-debuginfo-3.28.5-12.el8.aarch64.rpm noarch: evolution-data-server-doc-3.28.5-13.el8.noarch.rpm ppc64le: evolution-bogofilter-debuginfo-3.28.5-12.el8.ppc64le.rpm evolution-data-server-debuginfo-3.28.5-13.el8.ppc64le.rpm evolution-data-server-debugsource-3.28.5-13.el8.ppc64le.rpm evolution-data-server-perl-3.28.5-13.el8.ppc64le.rpm evolution-data-server-tests-3.28.5-13.el8.ppc64le.rpm evolution-data-server-tests-debuginfo-3.28.5-13.el8.ppc64le.rpm evolution-debuginfo-3.28.5-12.el8.ppc64le.rpm evolution-debugsource-3.28.5-12.el8.ppc64le.rpm evolution-devel-3.28.5-12.el8.ppc64le.rpm evolution-pst-debuginfo-3.28.5-12.el8.ppc64le.rpm evolution-spamassassin-debuginfo-3.28.5-12.el8.ppc64le.rpm x86_64: evolution-bogofilter-debuginfo-3.28.5-12.el8.i686.rpm evolution-bogofilter-debuginfo-3.28.5-12.el8.x86_64.rpm evolution-data-server-debuginfo-3.28.5-13.el8.i686.rpm evolution-data-server-debuginfo-3.28.5-13.el8.x86_64.rpm evolution-data-server-debugsource-3.28.5-13.el8.i686.rpm evolution-data-server-debugsource-3.28.5-13.el8.x86_64.rpm evolution-data-server-perl-3.28.5-13.el8.x86_64.rpm evolution-data-server-tests-3.28.5-13.el8.i686.rpm evolution-data-server-tests-3.28.5-13.el8.x86_64.rpm evolution-data-server-tests-debuginfo-3.28.5-13.el8.i686.rpm evolution-data-server-tests-debuginfo-3.28.5-13.el8.x86_64.rpm evolution-debuginfo-3.28.5-12.el8.i686.rpm evolution-debuginfo-3.28.5-12.el8.x86_64.rpm evolution-debugsource-3.28.5-12.el8.i686.rpm evolution-debugsource-3.28.5-12.el8.x86_64.rpm evolution-devel-3.28.5-12.el8.i686.rpm evolution-devel-3.28.5-12.el8.x86_64.rpm evolution-pst-debuginfo-3.28.5-12.el8.i686.rpm evolution-pst-debuginfo-3.28.5-12.el8.x86_64.rpm evolution-spamassassin-debuginfo-3.28.5-12.el8.i686.rpm evolution-spamassassin-debuginfo-3.28.5-12.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-15587 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXqhVwNzjgjWX9erEAQg8KQ/8CaKBjvP7IZxCLeDSOA7PHBylbD4zBe/l G671d7eKBUBXmZnws9gN44ccXdMmnYrUOvrJs+NteVzuew4b6DGWl+Qw/J1luvni GuTUgSnxsH0uLeBhdejpLM6okSZwQEl7UEp5zrTux0U/p0+KYxbpDI2F8Hb2ImCk jVwiwoVP4YrxFAM4QmXcRcdIX9n3yV7I/ck54LAlAOhbsvhhOJZVFNFvLpcZxT5R qNrVBs78nsEFQoWeDOXr+/tdlUMB7uZBIJ2Bld5njmUmVhbdw/DqpvmL+rLJq02k NuN8d6CtAkMZ9xh6pJCDboCyAQNv4+B7WqU4uW7vN9S8j57kLXgCXx5NTolBdZDc nSxCd3uXw7wnkCqvKwz5D4ybMre1KIULY5z/uT/lzgw7yzhjP2zdH3Y/3+NnSae0 Jem4KMQ864kiAJMliL3Vdh/5SD6gKr0cV1mPOF4yu5vB5hJFGUfd6LeBcyfBetSQ 86sI96p/b4+/FI6tAfuh7k3HskapFpqLJOHqjvrSQHTIlzjF7PIHJJAxXOnHdxHH yZ1yG3+G8IIV7KQnIdVUMph8mPjqcwRfxTvZaxMaH0om0hv80Zc2kT1SlAxfEBtR /ZHgC/IYm6wVQqZzHB7DG+iXCLE569/5VXZCCLQ0J0S/0cSd9A6RFF9pQaV4MENu Wt4NJwfb6Zw=SgCD -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat reveals an Evolution upgrade focused on addressing critical security flaws, particularly a significant email impersonation threat.. Red Hat Enterprise, Evolution Update, Email Security, Bug Fix, OpenPGP Signatures. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 28, 2020 Important Red Hat
200

Scientific Linux: SLSA-2020:1080-1 Moderate: Email Spoofing Risk

evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages * evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts SL7 x86_64 evolution-data-server-langpacks-3.28.5-4.el7.noarch.rpm evolution-data-server-3.28.5-4.el7.x86_64.rpm atk-2.28.1-2.el7.i686.rpm at [More...]. Synopsis: Moderate: evolution security and bug fix update Advisory ID: SLSA-2020:1080-1 Issue Date: 2020-04-07 CVE Numbers: CVE-2018-15587 CVE-2019-3890 -- * evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages * evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts -- SL7 x86_64 evolution-data-server-langpacks-3.28.5-4.el7.noarch.rpm evolution-data-server-3.28.5-4.el7.x86_64.rpm atk-2.28.1-2.el7.i686.rpm atk-devel-2.28.1-2.el7.x86_64.rpm evolution-data-server-devel-3.28.5-4.el7.i686.rpm evolution-data-server-3.28.5-4.el7.i686.rpm atk-devel-2.28.1-2.el7.i686.rpm atk-2.28.1-2.el7.x86_64.rpm evolution-data-server-devel-3.28.5-4.el7.x86_64.rpm atk-debuginfo-2.28.1-2.el7.i686.rpm atk-debuginfo-2.28.1-2.el7.x86_64.rpm evolution-3.28.5-8.el7.i686.rpm evolution-3.28.5-8.el7.x86_64.rpm evolution-data-server-debuginfo-3.28.5-4.el7.i686.rpm evolution-data-server-debuginfo-3.28.5-4.el7.x86_64.rpm evolution-debuginfo-3.28.5-8.el7.i686.rpm evolution-debuginfo-3.28.5-8.el7.x86_64.rpm evolution-ews-3.28.5-5.el7.i686.rpm evolution-ews-3.28.5-5.el7.x86_64.rpm evolution-ews-debuginfo-3.28.5-5.el7.i686.rpm evolution-ews-debuginfo-3.28.5-5.el7.x86_64.rpm evolution-bogofilter-3.28.5-8.el7.x86_64.rpm evolution-data-server-perl-3.28.5-4.el7.x86_64.rpm evolution-data-server-tests-3.28.5-4.el7.i686.rpm evolution-data-server-tests-3.28.5-4.el7.x86_64.rpm evolution-devel-3.28.5-8.el7.i686.rpm evolution-devel-3.28.5-8.el7.x86_64.rpm evolution-pst-3.28.5-8.el7.x86_64.rpm evolution-spamassassin-3.28.5-8.el7.x86_64.rpm noarch evolution-data-server-langpacks-3.28.5-4.el7.noarch.rpm evolution-ews-langpacks-3.28.5-5.el7.noarch.rpm evolution-help-3.28.5-8.el7.noarch.rpm evolution-langpacks-3.28.5-8.el7.noarch.rpm evolution-data-server-doc-3.28.5-4.el7.noarch.rpm evolution-devel-docs-3.28.5-8.el7.noarch.rpm - Scientific Linux Development Team . Comprehensive enhancement patch and vulnerability resolution release for Academic Linux targeting unauthorized email transmission and SSL certificate vulnerabilities.. evolution security, email spoofing, Scientific Linux, bug fix update. . LinuxSecurity.com Team

Calendar%202 Apr 20, 2020 Scientific Linux
98

Update for Red Hat Enterprise Linux 7: Evolution Security RHSA-2020-1080-01

An update for evolution, evolution-data-server, evolution-ews, and atk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: evolution security and bug fix update Advisory ID: RHSA-2020:1080-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1080 Issue date: 2020-03-31 CVE Names: CVE-2018-15587 CVE-2019-3890 ==================================================================== 1. Summary: An update for evolution, evolution-data-server, evolution-ews, and atk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasksand calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications. Security Fix(es): * evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages (CVE-2018-15587) * evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts (CVE-2019-3890) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Evolution must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1392567 - Sync CategoryList with mail Labels 1677650 - CVE-2018-15587 evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages 1678313 - CVE-2019-3890 evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts 1753122 - GalA11yETableItem: Incorrect implementation of AtkObjectClass::ref_child() 1753123 - Leaks AtkGObjectAccessible objects 6. Package List: Red Hat Enterprise Linux Client (v.7): Source: atk-2.28.1-2.el7.src.rpm evolution-3.28.5-8.el7.src.rpm evolution-data-server-3.28.5-4.el7.src.rpm evolution-ews-3.28.5-5.el7.src.rpm noarch: evolution-data-server-langpacks-3.28.5-4.el7.noarch.rpm evolution-ews-langpacks-3.28.5-5.el7.noarch.rpm evolution-help-3.28.5-8.el7.noarch.rpm evolution-langpacks-3.28.5-8.el7.noarch.rpm x86_64: atk-2.28.1-2.el7.i686.rpm atk-2.28.1-2.el7.x86_64.rpm atk-debuginfo-2.28.1-2.el7.i686.rpm atk-debuginfo-2.28.1-2.el7.x86_64.rpm evolution-3.28.5-8.el7.i686.rpm evolution-3.28.5-8.el7.x86_64.rpm evolution-data-server-3.28.5-4.el7.i686.rpm evolution-data-server-3.28.5-4.el7.x86_64.rpm evolution-data-server-debuginfo-3.28.5-4.el7.i686.rpm evolution-data-server-debuginfo-3.28.5-4.el7.x86_64.rpm evolution-debuginfo-3.28.5-8.el7.i686.rpm evolution-debuginfo-3.28.5-8.el7.x86_64.rpm evolution-ews-3.28.5-5.el7.i686.rpm evolution-ews-3.28.5-5.el7.x86_64.rpm evolution-ews-debuginfo-3.28.5-5.el7.i686.rpm evolution-ews-debuginfo-3.28.5-5.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: evolution-data-server-doc-3.28.5-4.el7.noarch.rpm evolution-devel-docs-3.28.5-8.el7.noarch.rpm x86_64: atk-debuginfo-2.28.1-2.el7.i686.rpm atk-debuginfo-2.28.1-2.el7.x86_64.rpm atk-devel-2.28.1-2.el7.i686.rpm atk-devel-2.28.1-2.el7.x86_64.rpm evolution-bogofilter-3.28.5-8.el7.x86_64.rpm evolution-data-server-debuginfo-3.28.5-4.el7.i686.rpm evolution-data-server-debuginfo-3.28.5-4.el7.x86_64.rpm evolution-data-server-devel-3.28.5-4.el7.i686.rpm evolution-data-server-devel-3.28.5-4.el7.x86_64.rpm evolution-data-server-perl-3.28.5-4.el7.x86_64.rpm evolution-data-server-tests-3.28.5-4.el7.i686.rpm evolution-data-server-tests-3.28.5-4.el7.x86_64.rpm evolution-debuginfo-3.28.5-8.el7.i686.rpm evolution-debuginfo-3.28.5-8.el7.x86_64.rpm evolution-devel-3.28.5-8.el7.i686.rpm evolution-devel-3.28.5-8.el7.x86_64.rpm evolution-pst-3.28.5-8.el7.x86_64.rpm evolution-spamassassin-3.28.5-8.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v.7): Source: atk-2.28.1-2.el7.src.rpm x86_64: atk-2.28.1-2.el7.i686.rpm atk-2.28.1-2.el7.x86_64.rpm atk-debuginfo-2.28.1-2.el7.i686.rpm atk-debuginfo-2.28.1-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: evolution-data-server-3.28.5-4.el7.src.rpm noarch: evolution-data-server-doc-3.28.5-4.el7.noarch.rpm evolution-data-server-langpacks-3.28.5-4.el7.noarch.rpm x86_64: atk-debuginfo-2.28.1-2.el7.i686.rpm atk-debuginfo-2.28.1-2.el7.x86_64.rpm atk-devel-2.28.1-2.el7.i686.rpm atk-devel-2.28.1-2.el7.x86_64.rpm evolution-data-server-3.28.5-4.el7.i686.rpm evolution-data-server-3.28.5-4.el7.x86_64.rpm evolution-data-server-debuginfo-3.28.5-4.el7.i686.rpm evolution-data-server-debuginfo-3.28.5-4.el7.x86_64.rpm evolution-data-server-devel-3.28.5-4.el7.i686.rpm evolution-data-server-devel-3.28.5-4.el7.x86_64.rpm evolution-data-server-perl-3.28.5-4.el7.x86_64.rpm evolution-data-server-tests-3.28.5-4.el7.i686.rpm evolution-data-server-tests-3.28.5-4.el7.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: atk-2.28.1-2.el7.src.rpm evolution-data-server-3.28.5-4.el7.src.rpm noarch: evolution-data-server-langpacks-3.28.5-4.el7.noarch.rpm ppc64: atk-2.28.1-2.el7.ppc.rpm atk-2.28.1-2.el7.ppc64.rpm atk-debuginfo-2.28.1-2.el7.ppc.rpm atk-debuginfo-2.28.1-2.el7.ppc64.rpm atk-devel-2.28.1-2.el7.ppc.rpm atk-devel-2.28.1-2.el7.ppc64.rpm evolution-data-server-3.28.5-4.el7.ppc.rpm evolution-data-server-3.28.5-4.el7.ppc64.rpm evolution-data-server-debuginfo-3.28.5-4.el7.ppc.rpm evolution-data-server-debuginfo-3.28.5-4.el7.ppc64.rpm ppc64le: atk-2.28.1-2.el7.ppc64le.rpm atk-debuginfo-2.28.1-2.el7.ppc64le.rpm atk-devel-2.28.1-2.el7.ppc64le.rpm evolution-data-server-3.28.5-4.el7.ppc64le.rpm evolution-data-server-debuginfo-3.28.5-4.el7.ppc64le.rpm evolution-data-server-devel-3.28.5-4.el7.ppc64le.rpm s390x: atk-2.28.1-2.el7.s390.rpm atk-2.28.1-2.el7.s390x.rpm atk-debuginfo-2.28.1-2.el7.s390.rpm atk-debuginfo-2.28.1-2.el7.s390x.rpm atk-devel-2.28.1-2.el7.s390.rpm atk-devel-2.28.1-2.el7.s390x.rpm evolution-data-server-3.28.5-4.el7.s390.rpm evolution-data-server-3.28.5-4.el7.s390x.rpm evolution-data-server-debuginfo-3.28.5-4.el7.s390.rpm evolution-data-server-debuginfo-3.28.5-4.el7.s390x.rpm x86_64: atk-2.28.1-2.el7.i686.rpm atk-2.28.1-2.el7.x86_64.rpm atk-debuginfo-2.28.1-2.el7.i686.rpm atk-debuginfo-2.28.1-2.el7.x86_64.rpm atk-devel-2.28.1-2.el7.i686.rpm atk-devel-2.28.1-2.el7.x86_64.rpm evolution-data-server-3.28.5-4.el7.i686.rpm evolution-data-server-3.28.5-4.el7.x86_64.rpm evolution-data-server-debuginfo-3.28.5-4.el7.i686.rpm evolution-data-server-debuginfo-3.28.5-4.el7.x86_64.rpm evolution-data-server-devel-3.28.5-4.el7.i686.rpm evolution-data-server-devel-3.28.5-4.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.7): Source: evolution-3.28.5-8.el7.src.rpm evolution-ews-3.28.5-5.el7.src.rpm noarch: evolution-data-server-doc-3.28.5-4.el7.noarch.rpm evolution-devel-docs-3.28.5-8.el7.noarch.rpm evolution-ews-langpacks-3.28.5-5.el7.noarch.rpm evolution-help-3.28.5-8.el7.noarch.rpm evolution-langpacks-3.28.5-8.el7.noarch.rpm ppc64: evolution-data-server-debuginfo-3.28.5-4.el7.ppc.rpm evolution-data-server-debuginfo-3.28.5-4.el7.ppc64.rpm evolution-data-server-devel-3.28.5-4.el7.ppc.rpm evolution-data-server-devel-3.28.5-4.el7.ppc64.rpm evolution-data-server-perl-3.28.5-4.el7.ppc64.rpm evolution-data-server-tests-3.28.5-4.el7.ppc.rpm evolution-data-server-tests-3.28.5-4.el7.ppc64.rpm ppc64le: evolution-3.28.5-8.el7.ppc64le.rpm evolution-bogofilter-3.28.5-8.el7.ppc64le.rpm evolution-data-server-debuginfo-3.28.5-4.el7.ppc64le.rpm evolution-data-server-perl-3.28.5-4.el7.ppc64le.rpm evolution-data-server-tests-3.28.5-4.el7.ppc64le.rpm evolution-debuginfo-3.28.5-8.el7.ppc64le.rpm evolution-devel-3.28.5-8.el7.ppc64le.rpm evolution-ews-3.28.5-5.el7.ppc64le.rpm evolution-ews-debuginfo-3.28.5-5.el7.ppc64le.rpm evolution-pst-3.28.5-8.el7.ppc64le.rpm evolution-spamassassin-3.28.5-8.el7.ppc64le.rpm s390x: evolution-data-server-debuginfo-3.28.5-4.el7.s390.rpm evolution-data-server-debuginfo-3.28.5-4.el7.s390x.rpm evolution-data-server-devel-3.28.5-4.el7.s390.rpm evolution-data-server-devel-3.28.5-4.el7.s390x.rpm evolution-data-server-perl-3.28.5-4.el7.s390x.rpm evolution-data-server-tests-3.28.5-4.el7.s390.rpm evolution-data-server-tests-3.28.5-4.el7.s390x.rpm x86_64: evolution-3.28.5-8.el7.i686.rpm evolution-3.28.5-8.el7.x86_64.rpm evolution-bogofilter-3.28.5-8.el7.x86_64.rpm evolution-data-server-debuginfo-3.28.5-4.el7.i686.rpm evolution-data-server-debuginfo-3.28.5-4.el7.x86_64.rpm evolution-data-server-perl-3.28.5-4.el7.x86_64.rpm evolution-data-server-tests-3.28.5-4.el7.i686.rpm evolution-data-server-tests-3.28.5-4.el7.x86_64.rpm evolution-debuginfo-3.28.5-8.el7.i686.rpm evolution-debuginfo-3.28.5-8.el7.x86_64.rpm evolution-devel-3.28.5-8.el7.i686.rpm evolution-devel-3.28.5-8.el7.x86_64.rpm evolution-ews-3.28.5-5.el7.i686.rpm evolution-ews-3.28.5-5.el7.x86_64.rpm evolution-ews-debuginfo-3.28.5-5.el7.i686.rpm evolution-ews-debuginfo-3.28.5-5.el7.x86_64.rpm evolution-pst-3.28.5-8.el7.x86_64.rpm evolution-spamassassin-3.28.5-8.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: atk-2.28.1-2.el7.src.rpm evolution-3.28.5-8.el7.src.rpm evolution-data-server-3.28.5-4.el7.src.rpm evolution-ews-3.28.5-5.el7.src.rpm noarch: evolution-data-server-langpacks-3.28.5-4.el7.noarch.rpm evolution-ews-langpacks-3.28.5-5.el7.noarch.rpm evolution-help-3.28.5-8.el7.noarch.rpm evolution-langpacks-3.28.5-8.el7.noarch.rpm x86_64: atk-2.28.1-2.el7.i686.rpm atk-2.28.1-2.el7.x86_64.rpm atk-debuginfo-2.28.1-2.el7.i686.rpm atk-debuginfo-2.28.1-2.el7.x86_64.rpm atk-devel-2.28.1-2.el7.i686.rpm atk-devel-2.28.1-2.el7.x86_64.rpm evolution-3.28.5-8.el7.x86_64.rpm evolution-data-server-3.28.5-4.el7.x86_64.rpm evolution-data-server-debuginfo-3.28.5-4.el7.x86_64.rpm evolution-data-server-devel-3.28.5-4.el7.x86_64.rpm evolution-debuginfo-3.28.5-8.el7.x86_64.rpm evolution-ews-3.28.5-5.el7.x86_64.rpm evolution-ews-debuginfo-3.28.5-5.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: evolution-data-server-doc-3.28.5-4.el7.noarch.rpm evolution-devel-docs-3.28.5-8.el7.noarch.rpm x86_64: evolution-bogofilter-3.28.5-8.el7.x86_64.rpm evolution-data-server-debuginfo-3.28.5-4.el7.x86_64.rpm evolution-data-server-perl-3.28.5-4.el7.x86_64.rpm evolution-data-server-tests-3.28.5-4.el7.x86_64.rpm evolution-debuginfo-3.28.5-8.el7.i686.rpm evolution-debuginfo-3.28.5-8.el7.x86_64.rpm evolution-devel-3.28.5-8.el7.i686.rpm evolution-devel-3.28.5-8.el7.x86_64.rpm evolution-pst-3.28.5-8.el7.x86_64.rpm evolution-spamassassin-3.28.5-8.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2018-15587 https://access.redhat.com/security/cve/CVE-2019-3890 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/7.8_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXoObqNzjgjWX9erEAQhCNw//Y/8sBGgt2HvuhTEaOtvpg+Qt0dVYiiAU MpYT5oOS5Ob8hy/E8DESb8wq7FZyrlTATX0UZXIMGN0dh1kvrwYHvHWMVJrFSIw/ +RzvyFQopB9ljA+Gq2+mFm3/yvWCVp8ObJTJnfUjohcEPH3LrgzOYF+WSoWSKw+M AerR2z2aKqCGX78UgXBJLuCQCaOWeeuNfaXsnach+Hk40oMaTi648AtS+mxv01n1 /d6ahjKljGdmlsL12K8570ZRUIQhjPgI1DSXTpF25BHfvDQVGUKYC42H61VbI5h3 ul0Oak4bcavLYmOwPIHjPzycVaBK9qpIbncAr5K9E9NKhBMSjwEoWJ26JoYi5hLa y+dtqtYQZ4mXq9fJCZ044W6C9jGJ7W2tqg7soFU448VfBoyjSnfCOBv2/zP1z653 amNGHB1Oq7AQbgyqXtuS01NpwZC5fjbOT0YUPZxV2cCq5FC1avK9syxGajU5ie8e nZ4ilWEkTKAMEoSrH50RltK4LryTTfQjj7rOW4YFmV3scAGZ16ZT+UYUo9I7pTdf QpBGOIjYcvr79ad4fh/sLjzQqFPlssXfC6Ea1x6/REQQ1NHAS/gKIBnBwiYxj6c9 EkPP/FZf3d+ViOn/ywGk6sprEnheWQBuyIBnpQ53oTYRY+k+B04DutRbVr80EBcX Cj0LcHiLDaE=xy0A -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . A new update for Evolution on Fedora tackles moderate security vulnerabilities and provides essential bug resolutions. Discover more details today.. Red Hat Enterprise Linux, evolution update, security advisory, moderate risk, bug fix. . LinuxSecurity.com Team

Calendar%202 Mar 31, 2020 Red Hat
100

SUSE: 2019:1391-2 Moderate: Evolution Email Spoofing Fix

An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for evolution ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1391-2 Rating: moderate References: #1125230 Cross-References: CVE-2018-15587 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for evolution fixes the following issue: Security issue fixed: - CVE-2018-15587: Fixed OpenPGP signatures spoofing via specially crafted email that contains a valid signature (bsc#1125230). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2019-1391=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1391=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): evolution-3.22.6-19.9.1 evolution-debuginfo-3.22.6-19.9.1 evolution-debugsource-3.22.6-19.9.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): evolution-lang-3.22.6-19.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): evolution-debuginfo-3.22.6-19.9.1 evolution-debugsource-3.22.6-19.9.1 evolution-devel-3.22.6-19.9.1 References: https://www.suse.com/security/cve/CVE-2018-15587.html https://bugzilla.suse.com/1125230 _______________________________________________ sle-security-updates mailinglist This email address is being protected from spambots. You need JavaScript enabled to view it. http://lists.suse.com/mailman/listinfo/sle-security-updates . SUSE Security Enhancement for thunderbird tackles notable vulnerabilities such as phishing security gaps proficiently.. suse evolution update, email spoofing security, evolution security patch, SUSE Linux updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 12, 2019 Important SuSE
98

Red Hat Enterprise Linux: RHSA-2019-3699 Moderate Advisory on Evolution

An update for evolution, evolution-data-server, and evolution-ews is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which . -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: evolution security and bug fix update Advisory ID: RHSA-2019:3699-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3699 Issue date: 2019-11-05 CVE Names: CVE-2019-3890 ==================================================================== 1. Summary: An update for evolution, evolution-data-server, and evolution-ews is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - noarch, ppc64le, x86_64 3. Description: Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. Security Fix(es): * evolution-ews: all certificate errors ignored if configured to ignore an initial error in gnome-online-accounts creation resulting in the connection open to being viewed and modified. (CVE-2019-3890) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the RedHat Enterprise Linux 8.1 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Evolution must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1678313 - CVE-2019-3890 evolution-ews: all certificate errors ignored if configured to ignore an initial error in gnome-online-accounts creation resulting in the connection open to being viewed and modified. 1713619 - [abrt] test-cal-client-get-revision could fail due to delayed D-Bus property change notification 1724232 - Help Contents (F1) has a bad link to GNOME site 1724984 - [ECompEditor] Ensure attendee changes stored before save 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: evolution-3.28.5-9.el8.src.rpm evolution-data-server-3.28.5-11.el8.src.rpm evolution-ews-3.28.5-5.el8.src.rpm noarch: evolution-data-server-langpacks-3.28.5-11.el8.noarch.rpm evolution-ews-langpacks-3.28.5-5.el8.noarch.rpm evolution-help-3.28.5-9.el8.noarch.rpm evolution-langpacks-3.28.5-9.el8.noarch.rpm ppc64le: evolution-3.28.5-9.el8.ppc64le.rpm evolution-bogofilter-3.28.5-9.el8.ppc64le.rpm evolution-bogofilter-debuginfo-3.28.5-9.el8.ppc64le.rpm evolution-data-server-3.28.5-11.el8.ppc64le.rpm evolution-data-server-debuginfo-3.28.5-11.el8.ppc64le.rpm evolution-data-server-debugsource-3.28.5-11.el8.ppc64le.rpm evolution-data-server-devel-3.28.5-11.el8.ppc64le.rpm evolution-data-server-tests-debuginfo-3.28.5-11.el8.ppc64le.rpm evolution-debuginfo-3.28.5-9.el8.ppc64le.rpm evolution-debugsource-3.28.5-9.el8.ppc64le.rpm evolution-ews-3.28.5-5.el8.ppc64le.rpm evolution-ews-debuginfo-3.28.5-5.el8.ppc64le.rpm evolution-ews-debugsource-3.28.5-5.el8.ppc64le.rpm evolution-pst-3.28.5-9.el8.ppc64le.rpm evolution-pst-debuginfo-3.28.5-9.el8.ppc64le.rpm evolution-spamassassin-3.28.5-9.el8.ppc64le.rpm evolution-spamassassin-debuginfo-3.28.5-9.el8.ppc64le.rpm x86_64: evolution-3.28.5-9.el8.x86_64.rpm evolution-bogofilter-3.28.5-9.el8.x86_64.rpm evolution-bogofilter-debuginfo-3.28.5-9.el8.x86_64.rpm evolution-data-server-3.28.5-11.el8.i686.rpm evolution-data-server-3.28.5-11.el8.x86_64.rpm evolution-data-server-debuginfo-3.28.5-11.el8.i686.rpm evolution-data-server-debuginfo-3.28.5-11.el8.x86_64.rpm evolution-data-server-debugsource-3.28.5-11.el8.i686.rpm evolution-data-server-debugsource-3.28.5-11.el8.x86_64.rpm evolution-data-server-devel-3.28.5-11.el8.i686.rpm evolution-data-server-devel-3.28.5-11.el8.x86_64.rpm evolution-data-server-tests-debuginfo-3.28.5-11.el8.i686.rpm evolution-data-server-tests-debuginfo-3.28.5-11.el8.x86_64.rpm evolution-debuginfo-3.28.5-9.el8.x86_64.rpm evolution-debugsource-3.28.5-9.el8.x86_64.rpm evolution-ews-3.28.5-5.el8.x86_64.rpm evolution-ews-debuginfo-3.28.5-5.el8.x86_64.rpm evolution-ews-debugsource-3.28.5-5.el8.x86_64.rpm evolution-pst-3.28.5-9.el8.x86_64.rpm evolution-pst-debuginfo-3.28.5-9.el8.x86_64.rpm evolution-spamassassin-3.28.5-9.el8.x86_64.rpm evolution-spamassassin-debuginfo-3.28.5-9.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v.8): noarch: evolution-data-server-doc-3.28.5-11.el8.noarch.rpm ppc64le: evolution-bogofilter-debuginfo-3.28.5-9.el8.ppc64le.rpm evolution-data-server-debuginfo-3.28.5-11.el8.ppc64le.rpm evolution-data-server-debugsource-3.28.5-11.el8.ppc64le.rpm evolution-data-server-perl-3.28.5-11.el8.ppc64le.rpm evolution-data-server-tests-3.28.5-11.el8.ppc64le.rpm evolution-data-server-tests-debuginfo-3.28.5-11.el8.ppc64le.rpm evolution-debuginfo-3.28.5-9.el8.ppc64le.rpm evolution-debugsource-3.28.5-9.el8.ppc64le.rpm evolution-devel-3.28.5-9.el8.ppc64le.rpm evolution-pst-debuginfo-3.28.5-9.el8.ppc64le.rpm evolution-spamassassin-debuginfo-3.28.5-9.el8.ppc64le.rpm x86_64: evolution-bogofilter-debuginfo-3.28.5-9.el8.i686.rpm evolution-bogofilter-debuginfo-3.28.5-9.el8.x86_64.rpm evolution-data-server-debuginfo-3.28.5-11.el8.i686.rpm evolution-data-server-debuginfo-3.28.5-11.el8.x86_64.rpm evolution-data-server-debugsource-3.28.5-11.el8.i686.rpm evolution-data-server-debugsource-3.28.5-11.el8.x86_64.rpm evolution-data-server-perl-3.28.5-11.el8.x86_64.rpm evolution-data-server-tests-3.28.5-11.el8.i686.rpm evolution-data-server-tests-3.28.5-11.el8.x86_64.rpm evolution-data-server-tests-debuginfo-3.28.5-11.el8.i686.rpm evolution-data-server-tests-debuginfo-3.28.5-11.el8.x86_64.rpm evolution-debuginfo-3.28.5-9.el8.i686.rpm evolution-debuginfo-3.28.5-9.el8.x86_64.rpm evolution-debugsource-3.28.5-9.el8.i686.rpm evolution-debugsource-3.28.5-9.el8.x86_64.rpm evolution-devel-3.28.5-9.el8.i686.rpm evolution-devel-3.28.5-9.el8.x86_64.rpm evolution-pst-debuginfo-3.28.5-9.el8.i686.rpm evolution-pst-debuginfo-3.28.5-9.el8.x86_64.rpm evolution-spamassassin-debuginfo-3.28.5-9.el8.i686.rpm evolution-spamassassin-debuginfo-3.28.5-9.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2019-3890 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE-----Version: GnuPG v1 iQIVAwUBXcHza9zjgjWX9erEAQjMwBAAmWSC5AVB5A6rOjhyljU7+YPOVyz1Sxkb 28K26IIVyD4IuGO7n6Ge1L3/u37NVkTlquPKxqqdW70Cw7pKVkBxxdFF/14czTAD SldbEteKY4dT+uAihPRKQMoFTggtJbzBGjr7ikVg0b+hZW+b3AXhYLtC0HMiy1BQ 21ZpqwsOTNm7KvnBjGptbJyHEc8LCwuckONhO8IhEHqw8DkmlIlcS3CH1zZr2IwO Asw+3ixk9uQH+vDWGvlBe+XXpPY/6mhUbFRuvAaEvK80eH02LTRXGwCHYUf3ZRvx Fms5v5TM9M1FB6qkb/nRLh9Gl83BWeOiVOzhWvxMpInqDn21MMMoYvpFlqOmWyU9 znLbCiM60x/agwaMhXadCO2ZjxV+Y/in6HfcIn2SWFA0J4bMvTXLxpf9uIKP1sUj my8Q/aGyskdY1fMZ9eQqDNOqdKDA2Iax1S3Q6EeHbM9FkfM5x2ynrykV4IdI8t8P IX6M4fe4BXRaHj9lvn0VC6Me0bP+LU+Q4OSqLkKKUSS0v/3TINk6HcjRHuh0ZJGa fdFVlw7KuA5292wSkgXJNTvAnLNlbq1OH35fXLDQLxfNhotuX8kiOV9TeBXhK/aT GTMvrsdSI4985duDLZa2wuFRNhvgyMTwTZ+IGuAe90zl6wTfHAFLIaCG039i7dsN OEeMg9PzziI=P/Fg -----END PGP SIGNATURE-------RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Cautious security notice for Red Hat concerning a new patch for Evolution, addressing significant issues and improving overall security measures.. Evolution Update, Red Hat Advisory, Bug Fix, Data Protection, Linux Security. . LinuxSecurity.com Team

Calendar%202 Nov 05, 2019 Red Hat
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200