Red Hat 9041 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: evolution-data-server security update
Advisory ID: RHSA-2007:0344-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0344.html
Issue date: 2007-05-30
Updated on: 2007-05-30
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1558
- ---------------------------------------------------------------------

1. Summary:

Updated evolution-data-server package that fixes a security bug are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The evolution-data-server package provides a unified backend for programs
that work with contacts, tasks, and calendar information.

A flaw was found in the way evolution-data-server processed certain APOP
authentication requests. By sending certain responses when
evolution-data-server attempted to authenticate against an APOP server, a
remote attacker could potentially acquire certain portions of a user's
authentication credentials. (CVE-2007-1558)

All users of evolution-data-server should upgrade to these updated
packages, which contain a backported patch which resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

235289 - CVE-2007-1558 Evolution APOP information disclosure

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/evolution-data-server-1.8.0-15.0.3.el5.src.rpm
2dc38ea8fd12a3654ddf4bd36dd3f0c8 evolution-data-server-1.8.0-15.0.3.el5.src.rpm

i386:
12a37eee5ad4c2a982eebefd8b2d5686 evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
f763fab632e616cd201ca80e9f54010c evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm

x86_64:
12a37eee5ad4c2a982eebefd8b2d5686 evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
e9049a57a4a46768187c942d09ed18e1 evolution-data-server-1.8.0-15.0.3.el5.x86_64.rpm
f763fab632e616cd201ca80e9f54010c evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
7f6536db1f877c1b4f7c741fa0d39205 evolution-data-server-debuginfo-1.8.0-15.0.3.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/evolution-data-server-1.8.0-15.0.3.el5.src.rpm
2dc38ea8fd12a3654ddf4bd36dd3f0c8 evolution-data-server-1.8.0-15.0.3.el5.src.rpm

i386:
f763fab632e616cd201ca80e9f54010c evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
85d93f27c86928de6a3e861f3c9dc68c evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm

x86_64:
f763fab632e616cd201ca80e9f54010c evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
7f6536db1f877c1b4f7c741fa0d39205 evolution-data-server-debuginfo-1.8.0-15.0.3.el5.x86_64.rpm
85d93f27c86928de6a3e861f3c9dc68c evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm
89bff966c9bec550c442038a2028135c evolution-data-server-devel-1.8.0-15.0.3.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/evolution-data-server-1.8.0-15.0.3.el5.src.rpm
2dc38ea8fd12a3654ddf4bd36dd3f0c8 evolution-data-server-1.8.0-15.0.3.el5.src.rpm

i386:
12a37eee5ad4c2a982eebefd8b2d5686 evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
f763fab632e616cd201ca80e9f54010c evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
85d93f27c86928de6a3e861f3c9dc68c evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm

ia64:
6ba76e70eb9826231d246797ab6b21c7 evolution-data-server-1.8.0-15.0.3.el5.ia64.rpm
da4300ef017ecd2c01853894b47b2e6b evolution-data-server-debuginfo-1.8.0-15.0.3.el5.ia64.rpm
2662f80f6af03a05e2d064b2ace99c24 evolution-data-server-devel-1.8.0-15.0.3.el5.ia64.rpm

ppc:
4539079a11bca9401812c12d59ceb6e1 evolution-data-server-1.8.0-15.0.3.el5.ppc.rpm
77b4f4f8897286bc0d10d51e32838572 evolution-data-server-1.8.0-15.0.3.el5.ppc64.rpm
4b37d2c9d8512fda671864484d550833 evolution-data-server-debuginfo-1.8.0-15.0.3.el5.ppc.rpm
28cb1a7aad5d3be6adfe3e09009ddbb5 evolution-data-server-debuginfo-1.8.0-15.0.3.el5.ppc64.rpm
179b33eab82f94e18069641ae5c252aa evolution-data-server-devel-1.8.0-15.0.3.el5.ppc.rpm
54367c5a72247c9acc6663e164fe8839 evolution-data-server-devel-1.8.0-15.0.3.el5.ppc64.rpm

s390x:
e845ec48cdc8df471d5d114a93e21344 evolution-data-server-1.8.0-15.0.3.el5.s390.rpm
c0c440eb4ed5dd2d930434a3a92a8461 evolution-data-server-1.8.0-15.0.3.el5.s390x.rpm
1c4626a99ac75f4b68598e1c2c324b6a evolution-data-server-debuginfo-1.8.0-15.0.3.el5.s390.rpm
e47ff2ee3fc82654354792db8cd458b1 evolution-data-server-debuginfo-1.8.0-15.0.3.el5.s390x.rpm
8d834b7fe2e3c55da02516402f5b5970 evolution-data-server-devel-1.8.0-15.0.3.el5.s390.rpm
88b102e274ed7c5eac65147b3922b567 evolution-data-server-devel-1.8.0-15.0.3.el5.s390x.rpm

x86_64:
12a37eee5ad4c2a982eebefd8b2d5686 evolution-data-server-1.8.0-15.0.3.el5.i386.rpm
e9049a57a4a46768187c942d09ed18e1 evolution-data-server-1.8.0-15.0.3.el5.x86_64.rpm
f763fab632e616cd201ca80e9f54010c evolution-data-server-debuginfo-1.8.0-15.0.3.el5.i386.rpm
7f6536db1f877c1b4f7c741fa0d39205 evolution-data-server-debuginfo-1.8.0-15.0.3.el5.x86_64.rpm
85d93f27c86928de6a3e861f3c9dc68c evolution-data-server-devel-1.8.0-15.0.3.el5.i386.rpm
89bff966c9bec550c442038a2028135c evolution-data-server-devel-1.8.0-15.0.3.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGXUdIXlSAg2UNWIIRAnrDAJ9mWzvojb4apawWjXjflZqJmBn8mgCguT4t
VnsUfW5asZrgUagXxmgkENc=
=ZOfG
-----END PGP SIGNATURE-----