Red Hat Product Errata RHSA-2007:0353 - Security Advisory
Issued:
2007-05-17
Updated:
2007-05-17

RHSA-2007:0353 - Security Advisory

Synopsis

Moderate: evolution security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated evolution packages that fix a security bug are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

Evolution is the GNOME collection of personal information management (PIM)
tools.

A flaw was found in the way Evolution processed certain APOP authentication
requests. A remote attacker could potentially acquire certain portions of a
user's authentication credentials by sending certain responses when
evolution-data-server attempted to authenticate against an APOP server.
(CVE-2007-1558)

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

  • BZ - 238565 - CVE-2007-1558 Evolution APOP information disclosure

Red Hat Enterprise Linux Server 4

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
x86_64
evolution-2.0.2-35.0.2.el4.x86_64.rpm SHA-256: 833d8e381095a71eaa74c3a4d56e445c74a73889706ca3dca9b1f6a61937956f
evolution-2.0.2-35.0.2.el4.x86_64.rpm SHA-256: 833d8e381095a71eaa74c3a4d56e445c74a73889706ca3dca9b1f6a61937956f
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm SHA-256: c4e621a276bf571ebe7a232e4c4cbb7a5a8808e102c65991fafb1160652d636a
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm SHA-256: c4e621a276bf571ebe7a232e4c4cbb7a5a8808e102c65991fafb1160652d636a
ia64
evolution-2.0.2-35.0.2.el4.ia64.rpm SHA-256: d653f339be9638367ff6c8e6bdee7b7e50290b269e72adcc185b1a5b1d11e009
evolution-2.0.2-35.0.2.el4.ia64.rpm SHA-256: d653f339be9638367ff6c8e6bdee7b7e50290b269e72adcc185b1a5b1d11e009
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm SHA-256: 8d565f7714492b3121519a44fc88dac147e02e30fa9e4770919545a994b17ea3
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm SHA-256: 8d565f7714492b3121519a44fc88dac147e02e30fa9e4770919545a994b17ea3
i386
evolution-2.0.2-35.0.2.el4.i386.rpm SHA-256: edeb8eb6c72a6fff06b7d91848e3d0540090276e8ad7aa64720d124fd45dd973
evolution-2.0.2-35.0.2.el4.i386.rpm SHA-256: edeb8eb6c72a6fff06b7d91848e3d0540090276e8ad7aa64720d124fd45dd973
evolution-devel-2.0.2-35.0.2.el4.i386.rpm SHA-256: 7a8351e3f8bcffc912f148fb0d57ad23db18e218ef461a6c8d46614ff71824a5
evolution-devel-2.0.2-35.0.2.el4.i386.rpm SHA-256: 7a8351e3f8bcffc912f148fb0d57ad23db18e218ef461a6c8d46614ff71824a5

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
x86_64
evolution-2.0.2-35.0.2.el4.x86_64.rpm SHA-256: 833d8e381095a71eaa74c3a4d56e445c74a73889706ca3dca9b1f6a61937956f
evolution-2.0.2-35.0.2.el4.x86_64.rpm SHA-256: 833d8e381095a71eaa74c3a4d56e445c74a73889706ca3dca9b1f6a61937956f
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm SHA-256: c4e621a276bf571ebe7a232e4c4cbb7a5a8808e102c65991fafb1160652d636a
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm SHA-256: c4e621a276bf571ebe7a232e4c4cbb7a5a8808e102c65991fafb1160652d636a
ia64
evolution-2.0.2-35.0.2.el4.ia64.rpm SHA-256: d653f339be9638367ff6c8e6bdee7b7e50290b269e72adcc185b1a5b1d11e009
evolution-2.0.2-35.0.2.el4.ia64.rpm SHA-256: d653f339be9638367ff6c8e6bdee7b7e50290b269e72adcc185b1a5b1d11e009
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm SHA-256: 8d565f7714492b3121519a44fc88dac147e02e30fa9e4770919545a994b17ea3
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm SHA-256: 8d565f7714492b3121519a44fc88dac147e02e30fa9e4770919545a994b17ea3
i386
evolution-2.0.2-35.0.2.el4.i386.rpm SHA-256: edeb8eb6c72a6fff06b7d91848e3d0540090276e8ad7aa64720d124fd45dd973
evolution-2.0.2-35.0.2.el4.i386.rpm SHA-256: edeb8eb6c72a6fff06b7d91848e3d0540090276e8ad7aa64720d124fd45dd973
evolution-devel-2.0.2-35.0.2.el4.i386.rpm SHA-256: 7a8351e3f8bcffc912f148fb0d57ad23db18e218ef461a6c8d46614ff71824a5
evolution-devel-2.0.2-35.0.2.el4.i386.rpm SHA-256: 7a8351e3f8bcffc912f148fb0d57ad23db18e218ef461a6c8d46614ff71824a5

Red Hat Enterprise Linux Workstation 4

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
x86_64
evolution-2.0.2-35.0.2.el4.x86_64.rpm SHA-256: 833d8e381095a71eaa74c3a4d56e445c74a73889706ca3dca9b1f6a61937956f
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm SHA-256: c4e621a276bf571ebe7a232e4c4cbb7a5a8808e102c65991fafb1160652d636a
ia64
evolution-2.0.2-35.0.2.el4.ia64.rpm SHA-256: d653f339be9638367ff6c8e6bdee7b7e50290b269e72adcc185b1a5b1d11e009
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm SHA-256: 8d565f7714492b3121519a44fc88dac147e02e30fa9e4770919545a994b17ea3
i386
evolution-2.0.2-35.0.2.el4.i386.rpm SHA-256: edeb8eb6c72a6fff06b7d91848e3d0540090276e8ad7aa64720d124fd45dd973
evolution-devel-2.0.2-35.0.2.el4.i386.rpm SHA-256: 7a8351e3f8bcffc912f148fb0d57ad23db18e218ef461a6c8d46614ff71824a5

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
x86_64
evolution-2.0.2-35.0.2.el4.x86_64.rpm SHA-256: 833d8e381095a71eaa74c3a4d56e445c74a73889706ca3dca9b1f6a61937956f
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm SHA-256: c4e621a276bf571ebe7a232e4c4cbb7a5a8808e102c65991fafb1160652d636a
i386
evolution-2.0.2-35.0.2.el4.i386.rpm SHA-256: edeb8eb6c72a6fff06b7d91848e3d0540090276e8ad7aa64720d124fd45dd973
evolution-devel-2.0.2-35.0.2.el4.i386.rpm SHA-256: 7a8351e3f8bcffc912f148fb0d57ad23db18e218ef461a6c8d46614ff71824a5

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
s390x
evolution-2.0.2-35.0.2.el4.s390x.rpm SHA-256: 386db4b2f2d1b35c95b753848e3d680a7aed90e15343c32d217e8b9f4728f072
evolution-devel-2.0.2-35.0.2.el4.s390x.rpm SHA-256: e138a287575395d70b4d6eb70a4c9f43dfc6ea2721e1dec8d934ff6930f2d8d8
s390
evolution-2.0.2-35.0.2.el4.s390.rpm SHA-256: ef08fb59a9036e8f219704b14ae575fbe315831eed683984053301aa4a0e7463
evolution-devel-2.0.2-35.0.2.el4.s390.rpm SHA-256: e0faddc9f2fe0b6dd68bf9fd57f4c9fa1c0b5f5bf02b48790727fbc4676258c3

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
s390x
evolution-2.0.2-35.0.2.el4.s390x.rpm SHA-256: 386db4b2f2d1b35c95b753848e3d680a7aed90e15343c32d217e8b9f4728f072
evolution-devel-2.0.2-35.0.2.el4.s390x.rpm SHA-256: e138a287575395d70b4d6eb70a4c9f43dfc6ea2721e1dec8d934ff6930f2d8d8
s390
evolution-2.0.2-35.0.2.el4.s390.rpm SHA-256: ef08fb59a9036e8f219704b14ae575fbe315831eed683984053301aa4a0e7463
evolution-devel-2.0.2-35.0.2.el4.s390.rpm SHA-256: e0faddc9f2fe0b6dd68bf9fd57f4c9fa1c0b5f5bf02b48790727fbc4676258c3

Red Hat Enterprise Linux for Power, big endian 4

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
ppc
evolution-2.0.2-35.0.2.el4.ppc.rpm SHA-256: 805300ff46fca4bcacd86486e9456a585325e7a144454ea5d3f00f5fc612f3e0
evolution-devel-2.0.2-35.0.2.el4.ppc.rpm SHA-256: 0f0a0863009f86faab367eab6eda6f4dfa67a6078eae23bdac53ee14f62bcd4c

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
ppc
evolution-2.0.2-35.0.2.el4.ppc.rpm SHA-256: 805300ff46fca4bcacd86486e9456a585325e7a144454ea5d3f00f5fc612f3e0
evolution-devel-2.0.2-35.0.2.el4.ppc.rpm SHA-256: 0f0a0863009f86faab367eab6eda6f4dfa67a6078eae23bdac53ee14f62bcd4c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.