Red Hat Product Errata RHSA-2007:0353 - Security Advisory

Issued:: 2007-05-17
Updated:: 2007-05-17

RHSA-2007:0353 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: evolution security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated evolution packages that fix a security bug are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

Evolution is the GNOME collection of personal information management (PIM)
tools.

A flaw was found in the way Evolution processed certain APOP authentication
requests. A remote attacker could potentially acquire certain portions of a
user's authentication credentials by sending certain responses when
evolution-data-server attempted to authenticate against an APOP server.
(CVE-2007-1558)

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

BZ - 238565 - CVE-2007-1558 Evolution APOP information disclosure

CVEs

CVE-2007-1558

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm	SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
x86_64
evolution-2.0.2-35.0.2.el4.x86_64.rpm	SHA-256: 833d8e381095a71eaa74c3a4d56e445c74a73889706ca3dca9b1f6a61937956f
evolution-2.0.2-35.0.2.el4.x86_64.rpm	SHA-256: 833d8e381095a71eaa74c3a4d56e445c74a73889706ca3dca9b1f6a61937956f
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm	SHA-256: c4e621a276bf571ebe7a232e4c4cbb7a5a8808e102c65991fafb1160652d636a
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm	SHA-256: c4e621a276bf571ebe7a232e4c4cbb7a5a8808e102c65991fafb1160652d636a
ia64
evolution-2.0.2-35.0.2.el4.ia64.rpm	SHA-256: d653f339be9638367ff6c8e6bdee7b7e50290b269e72adcc185b1a5b1d11e009
evolution-2.0.2-35.0.2.el4.ia64.rpm	SHA-256: d653f339be9638367ff6c8e6bdee7b7e50290b269e72adcc185b1a5b1d11e009
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm	SHA-256: 8d565f7714492b3121519a44fc88dac147e02e30fa9e4770919545a994b17ea3
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm	SHA-256: 8d565f7714492b3121519a44fc88dac147e02e30fa9e4770919545a994b17ea3
i386
evolution-2.0.2-35.0.2.el4.i386.rpm	SHA-256: edeb8eb6c72a6fff06b7d91848e3d0540090276e8ad7aa64720d124fd45dd973
evolution-2.0.2-35.0.2.el4.i386.rpm	SHA-256: edeb8eb6c72a6fff06b7d91848e3d0540090276e8ad7aa64720d124fd45dd973
evolution-devel-2.0.2-35.0.2.el4.i386.rpm	SHA-256: 7a8351e3f8bcffc912f148fb0d57ad23db18e218ef461a6c8d46614ff71824a5
evolution-devel-2.0.2-35.0.2.el4.i386.rpm	SHA-256: 7a8351e3f8bcffc912f148fb0d57ad23db18e218ef461a6c8d46614ff71824a5

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm	SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
x86_64
evolution-2.0.2-35.0.2.el4.x86_64.rpm	SHA-256: 833d8e381095a71eaa74c3a4d56e445c74a73889706ca3dca9b1f6a61937956f
evolution-2.0.2-35.0.2.el4.x86_64.rpm	SHA-256: 833d8e381095a71eaa74c3a4d56e445c74a73889706ca3dca9b1f6a61937956f
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm	SHA-256: c4e621a276bf571ebe7a232e4c4cbb7a5a8808e102c65991fafb1160652d636a
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm	SHA-256: c4e621a276bf571ebe7a232e4c4cbb7a5a8808e102c65991fafb1160652d636a
ia64
evolution-2.0.2-35.0.2.el4.ia64.rpm	SHA-256: d653f339be9638367ff6c8e6bdee7b7e50290b269e72adcc185b1a5b1d11e009
evolution-2.0.2-35.0.2.el4.ia64.rpm	SHA-256: d653f339be9638367ff6c8e6bdee7b7e50290b269e72adcc185b1a5b1d11e009
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm	SHA-256: 8d565f7714492b3121519a44fc88dac147e02e30fa9e4770919545a994b17ea3
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm	SHA-256: 8d565f7714492b3121519a44fc88dac147e02e30fa9e4770919545a994b17ea3
i386
evolution-2.0.2-35.0.2.el4.i386.rpm	SHA-256: edeb8eb6c72a6fff06b7d91848e3d0540090276e8ad7aa64720d124fd45dd973
evolution-2.0.2-35.0.2.el4.i386.rpm	SHA-256: edeb8eb6c72a6fff06b7d91848e3d0540090276e8ad7aa64720d124fd45dd973
evolution-devel-2.0.2-35.0.2.el4.i386.rpm	SHA-256: 7a8351e3f8bcffc912f148fb0d57ad23db18e218ef461a6c8d46614ff71824a5
evolution-devel-2.0.2-35.0.2.el4.i386.rpm	SHA-256: 7a8351e3f8bcffc912f148fb0d57ad23db18e218ef461a6c8d46614ff71824a5

Red Hat Enterprise Linux Workstation 4

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm	SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
x86_64
evolution-2.0.2-35.0.2.el4.x86_64.rpm	SHA-256: 833d8e381095a71eaa74c3a4d56e445c74a73889706ca3dca9b1f6a61937956f
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm	SHA-256: c4e621a276bf571ebe7a232e4c4cbb7a5a8808e102c65991fafb1160652d636a
ia64
evolution-2.0.2-35.0.2.el4.ia64.rpm	SHA-256: d653f339be9638367ff6c8e6bdee7b7e50290b269e72adcc185b1a5b1d11e009
evolution-devel-2.0.2-35.0.2.el4.ia64.rpm	SHA-256: 8d565f7714492b3121519a44fc88dac147e02e30fa9e4770919545a994b17ea3
i386
evolution-2.0.2-35.0.2.el4.i386.rpm	SHA-256: edeb8eb6c72a6fff06b7d91848e3d0540090276e8ad7aa64720d124fd45dd973
evolution-devel-2.0.2-35.0.2.el4.i386.rpm	SHA-256: 7a8351e3f8bcffc912f148fb0d57ad23db18e218ef461a6c8d46614ff71824a5

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm	SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
x86_64
evolution-2.0.2-35.0.2.el4.x86_64.rpm	SHA-256: 833d8e381095a71eaa74c3a4d56e445c74a73889706ca3dca9b1f6a61937956f
evolution-devel-2.0.2-35.0.2.el4.x86_64.rpm	SHA-256: c4e621a276bf571ebe7a232e4c4cbb7a5a8808e102c65991fafb1160652d636a
i386
evolution-2.0.2-35.0.2.el4.i386.rpm	SHA-256: edeb8eb6c72a6fff06b7d91848e3d0540090276e8ad7aa64720d124fd45dd973
evolution-devel-2.0.2-35.0.2.el4.i386.rpm	SHA-256: 7a8351e3f8bcffc912f148fb0d57ad23db18e218ef461a6c8d46614ff71824a5

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm	SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
s390x
evolution-2.0.2-35.0.2.el4.s390x.rpm	SHA-256: 386db4b2f2d1b35c95b753848e3d680a7aed90e15343c32d217e8b9f4728f072
evolution-devel-2.0.2-35.0.2.el4.s390x.rpm	SHA-256: e138a287575395d70b4d6eb70a4c9f43dfc6ea2721e1dec8d934ff6930f2d8d8
s390
evolution-2.0.2-35.0.2.el4.s390.rpm	SHA-256: ef08fb59a9036e8f219704b14ae575fbe315831eed683984053301aa4a0e7463
evolution-devel-2.0.2-35.0.2.el4.s390.rpm	SHA-256: e0faddc9f2fe0b6dd68bf9fd57f4c9fa1c0b5f5bf02b48790727fbc4676258c3

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm	SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
s390x
evolution-2.0.2-35.0.2.el4.s390x.rpm	SHA-256: 386db4b2f2d1b35c95b753848e3d680a7aed90e15343c32d217e8b9f4728f072
evolution-devel-2.0.2-35.0.2.el4.s390x.rpm	SHA-256: e138a287575395d70b4d6eb70a4c9f43dfc6ea2721e1dec8d934ff6930f2d8d8
s390
evolution-2.0.2-35.0.2.el4.s390.rpm	SHA-256: ef08fb59a9036e8f219704b14ae575fbe315831eed683984053301aa4a0e7463
evolution-devel-2.0.2-35.0.2.el4.s390.rpm	SHA-256: e0faddc9f2fe0b6dd68bf9fd57f4c9fa1c0b5f5bf02b48790727fbc4676258c3

Red Hat Enterprise Linux for Power, big endian 4

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm	SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
ppc
evolution-2.0.2-35.0.2.el4.ppc.rpm	SHA-256: 805300ff46fca4bcacd86486e9456a585325e7a144454ea5d3f00f5fc612f3e0
evolution-devel-2.0.2-35.0.2.el4.ppc.rpm	SHA-256: 0f0a0863009f86faab367eab6eda6f4dfa67a6078eae23bdac53ee14f62bcd4c

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
evolution-2.0.2-35.0.2.el4.src.rpm	SHA-256: 72c716efbec5ec4aefd2777b38f7d4773d2f0fc9782f56d4d4ea73f87285f617
ppc
evolution-2.0.2-35.0.2.el4.ppc.rpm	SHA-256: 805300ff46fca4bcacd86486e9456a585325e7a144454ea5d3f00f5fc612f3e0
evolution-devel-2.0.2-35.0.2.el4.ppc.rpm	SHA-256: 0f0a0863009f86faab367eab6eda6f4dfa67a6078eae23bdac53ee14f62bcd4c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation