USN-4429-1: Evolution Data Server vulnerability
22 July 2020
Evolution Data Server could be made to expose sensitive information over the network.
Releases
Packages
- evolution-data-server - Evolution suite data server
Details
It was discovered that Evolution Data Server incorrectly handled STARTTLS
when using SMTP and POP3. A remote attacker could possibly use this issue
to perform a response injection attack.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
evolution-data-server
-
3.36.3-0ubuntu1.1
-
evolution-data-server-common
-
3.36.3-0ubuntu1.1
-
libcamel-1.2-62
-
3.36.3-0ubuntu1.1
-
libebackend-1.2-10
-
3.36.3-0ubuntu1.1
-
libedataserver-1.2-24
-
3.36.3-0ubuntu1.1
Ubuntu 18.04
-
evolution-data-server
-
3.28.5-0ubuntu0.18.04.3
-
evolution-data-server-common
-
3.28.5-0ubuntu0.18.04.3
-
libcamel-1.2-61
-
3.28.5-0ubuntu0.18.04.3
-
libebackend-1.2-10
-
3.28.5-0ubuntu0.18.04.3
-
libedataserver-1.2-23
-
3.28.5-0ubuntu0.18.04.3
Ubuntu 16.04
-
evolution-data-server
-
3.18.5-1ubuntu1.3
-
evolution-data-server-common
-
3.18.5-1ubuntu1.3
-
libcamel-1.2-54
-
3.18.5-1ubuntu1.3
-
libebackend-1.2-10
-
3.18.5-1ubuntu1.3
-
libedataserver-1.2-21
-
3.18.5-1ubuntu1.3
After a standard system update you need to restart your session to make
all the necessary changes.