USN-6876-1: Kopano Core vulnerabilities

Releases

• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM

Packages

• kopanocore - Complete and feature rich groupware solution

Details

It was discovered that Kopano Core allowed out-of-bounds access. An
attacker could use this issue to expose private information. This issue
only affected Ubuntu 18.04 LTS. (CVE-2019-19907)

It was discovered that Kopano Core allowed possible authentication
with expired passwords. An attacker could use this issue to bypass
authentication. (CVE-2022-26562)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04

• kopano-archiver - 8.7.0-7.1ubuntu10.1
• kopano-contacts - 8.7.0-7.1ubuntu10.1
• kopano-dagent - 8.7.0-7.1ubuntu10.1
• kopano-gateway - 8.7.0-7.1ubuntu10.1
• kopano-ical - 8.7.0-7.1ubuntu10.1
• kopano-libs - 8.7.0-7.1ubuntu10.1
• kopano-monitor - 8.7.0-7.1ubuntu10.1
• kopano-server - 8.7.0-7.1ubuntu10.1
• kopano-spooler - 8.7.0-7.1ubuntu10.1
• kopano-utils - 8.7.0-7.1ubuntu10.1
• php-mapi - 8.7.0-7.1ubuntu10.1
• python3-mapi - 8.7.0-7.1ubuntu10.1

Ubuntu 20.04

• kopano-archiver - 8.7.0-7ubuntu1.1
• kopano-contacts - 8.7.0-7ubuntu1.1
• kopano-dagent - 8.7.0-7ubuntu1.1
• kopano-gateway - 8.7.0-7ubuntu1.1
• kopano-ical - 8.7.0-7ubuntu1.1
• kopano-libs - 8.7.0-7ubuntu1.1
• kopano-monitor - 8.7.0-7ubuntu1.1
• kopano-server - 8.7.0-7ubuntu1.1
• kopano-spooler - 8.7.0-7ubuntu1.1
• kopano-utils - 8.7.0-7ubuntu1.1
• php-mapi - 8.7.0-7ubuntu1.1
• python3-mapi - 8.7.0-7ubuntu1.1

Ubuntu 18.04

• kopano-archiver - 8.5.5-0ubuntu1+esm1
  Available with Ubuntu Pro
• kopano-contacts - 8.5.5-0ubuntu1+esm1
  Available with Ubuntu Pro
• kopano-dagent - 8.5.5-0ubuntu1+esm1
  Available with Ubuntu Pro
• kopano-gateway - 8.5.5-0ubuntu1+esm1
  Available with Ubuntu Pro
• kopano-ical - 8.5.5-0ubuntu1+esm1
  Available with Ubuntu Pro
• kopano-libs - 8.5.5-0ubuntu1+esm1
  Available with Ubuntu Pro
• kopano-monitor - 8.5.5-0ubuntu1+esm1
  Available with Ubuntu Pro
• kopano-server - 8.5.5-0ubuntu1+esm1
  Available with Ubuntu Pro
• kopano-spooler - 8.5.5-0ubuntu1+esm1
  Available with Ubuntu Pro
• kopano-utils - 8.5.5-0ubuntu1+esm1
  Available with Ubuntu Pro
• php-mapi - 8.5.5-0ubuntu1+esm1
  Available with Ubuntu Pro
• python-mapi - 8.5.5-0ubuntu1+esm1
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-19907
• CVE-2022-26562