Executive Summary
Summary | |
---|---|
Title | evolution security, bug fix, and enhancement update |
Information | |||
---|---|---|---|
Name | RHSA-2013:1540 | First vendor Publication | 2013-11-21 |
Vendor | RedHat | Last vendor Modification | 2013-11-21 |
Severity (Vendor) | Low | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | |||
---|---|---|---|
Overall CVSS Score | 7.5 | ||
Base Score | 7.5 | Environmental Score | 7.5 |
Impact Sub Score | 3.6 | Temporal Score | 7.5 |
Exploitability Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | None | Availability Impact | None |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

Updated evolution packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

Evolution is the integrated collection of email, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment.

A flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being encrypted with public keys other than the one belonging to the intended recipient. (CVE-2013-4166)

The Evolution packages have been upgraded to upstream version 2.32.3, which provides a number of bug fixes and enhancements over the previous version. These changes include implementation of Gnome XDG Config Folders, and support for Exchange Web Services (EWS) protocol to connect to Microsoft Exchange servers. EWS support has been added as a part of the evolution-exchange packages. (BZ#883010, BZ#883014, BZ#883015, BZ#883017, BZ#524917, BZ#524921, BZ#883044)

The gtkhtml3 packages have been upgraded to upstream version 2.32.2, which provides a number of bug fixes and enhancements over the previous version. (BZ#883019)

The libgdata packages have been upgraded to upstream version 0.6.4, which provides a number of bug fixes and enhancements over the previous version. (BZ#883032)

This update also fixes the following bug:

* The Exchange Calendar could not fetch the "Free" and "Busy" information for meeting attendees when using Microsoft Exchange 2010 servers, and this information thus could not be displayed. This happened because Microsoft Exchange 2010 servers use more strict rules for "Free" and "Busy" information fetching. With this update, the respective code in the openchange packages has been modified so the "Free" and "Busy" information fetching now complies with the fetching rules on Microsoft Exchange 2010 servers. The "Free" and "Busy" information can now be displayed as expected in the Exchange Calendar. (BZ#665967)

All Evolution users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. All running instances of Evolution must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

589263 - [PATCH] Google contacts can unlock its cache causing slow updating
602667 - [PATCH] [abrt] evolution-2.28.3-3.el6: camel_msgport_try_pop, camel_operation_cancel_check, regen_list_done
615969 - Whitespaces drop on paste
619842 - Attached email message is empty in forwarded email
624851 - Evolution mail client: Unable to load encryption cert from the smart card to send/receive encrypted messages.
626690 - [mail] HTML format - header 1 size Text becomes Normal after selecting strike, italic, underline format
628174 - [cal] Listview - Copy Paste is not working
630314 - [evol][ml_IN] - Translation Short-cuts are inconsistent
665967 - Free/busy fetch broken
667081 - evo - Crash in alarm-queue.c:display_notification
670917 - Evolution reports cancelled meeting is in disabled calendar
683402 - gnome bug #615384 - Use contact's free/busy URL only when not empty
689429 - Button "Open With" doesn't work
692658 - [PATCH] evolution can't load caldav calendars with a space in their name
694134 - Contacts in evolution-mapi address book are not searchable
694142 - Global Address List is not displayed when it loads for the first time
696620 - Crash in retrieval_done of OnTheWeb calendar
698243 - Alarms can't be set on meetings/appointments filed by others
698246 - Calendar password dialog box has insane default
700726 - [i686] Folders are not migrated
700733 - Folder summary information is not properly updated after migration
700789 - [evol][ml_IN] - Translation Short-cuts are inconsistent
702608 - sending link and close will not kill all evolution processes
724843 - [abrt] evolution-2.28.3-24.el6: Process /usr/bin/evolution was killed by signal 11 (SIGSEGV)
737865 - Accepting invitation of event in Evolution doesn't change its state in Zimbra
739968 - Initialize dbus-glib threading in evolution-data-server
750916 - Evolution should offer TLSv1 for IMAPS handshake
772652 - Evolution picks default account address when it does not make sense
804651 - CalDAV backend doesn't respect "Copy for offline" option
809542 - When auto-moving within message list, move to "most preferred" or "least preferred unread"
810460 - when going to offline mode, evolution shows sync dialog window on top of last opened main window, not actual window
811980 - Adding event to Google calendar reports error in Evolution
813266 - Deadlock on folder search
815363 - RFE: Add Reply to List to toolbar
815371 - When copying & pasting a name with chinese characters via clipboard, quoted-printable text is pasted
832973 - segfault in connect_header() after attempt to save view layout with unicode in its name
838750 - [RFE] Add support for exchange's delegate email feature to Evolution
857003 - bad czech translation string: "Nenalezena událost '$CALENDAR' v kalendáŠ|
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2013-1540.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18052 | |||
Oval ID: | oval:org.mitre.oval:def:18052 | ||
Title: | USN-1922-1 -- evolution-data-server vulnerability | ||
Description: | Evolution would sometimes encrypt email to the wrong recipient. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1922-1 CVE-2013-4166 | Version: | 7 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | evolution-data-server |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1540.nasl - Type : ACT_GATHER_INFO |
2013-12-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131121_evolution_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-11-29 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1540.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1540.nasl - Type : ACT_GATHER_INFO |
2013-08-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1922-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2020-05-23 13:03:44 |
|
2014-11-13 13:27:19 |
|
2014-02-17 11:57:35 |
|
2013-11-21 09:18:20 |
|