USN-3724-1: Evolution Data Server vulnerability
26 July 2018
Evolution Data Server could be made to expose sensitive information over the network.
Releases
Packages
- evolution-data-server - Evolution suite data server
Details
Jon Kristensen discovered that Evolution Data Server would automatically
downgrade a connection to an IMAP server if the IMAP server did not support
SSL. This would result in the user's password being unexpectedly sent in clear
text, even though the user had requested to use SSL.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
evolution-data-server
-
3.18.5-1ubuntu1.1
-
evolution-data-server-common
-
3.18.5-1ubuntu1.1
-
libcamel-1.2-54
-
3.18.5-1ubuntu1.1
-
libebackend-1.2-10
-
3.18.5-1ubuntu1.1
-
libedataserver-1.2-21
-
3.18.5-1ubuntu1.1
Ubuntu 14.04
-
evolution-data-server
-
3.10.4-0ubuntu1.6
-
evolution-data-server-common
-
3.10.4-0ubuntu1.6
-
libcamel-1.2-45
-
3.10.4-0ubuntu1.6
-
libebackend-1.2-7
-
3.10.4-0ubuntu1.6
-
libedataserver-1.2-18
-
3.10.4-0ubuntu1.6
After a standard system update you need to restart Evolution to make
all the necessary changes.