MDVSA-2009:078 -- Mandriva evolution-data-serverID: oval:org.secpod.oval:def:300653 | Date: (C)2012-01-07 (M)2023-02-20 |
Class: PATCH | Family: unix |
A wrong handling of signed Secure/Multipurpose Internet Mail Extensions e-mail messages enables attackers to spoof its signatures by modifying the latter copy . Crafted authentication challange packets sent by a malicious remote mail server enables remote attackers either to cause denial of service and to read information from the process memory of the client . Multiple integer overflows in Base64 encoding functions enables attackers either to cause denial of service and to execute arbitrary code . This update provides fixes for those vulnerabilities. Update: evolution-data-server packages from Mandriva Linux distributions 2008.1 and 2009.0 are not affected by CVE-2009-0587.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2008.1 |
Mandriva Linux 2008.0 |
Product: |
evolution-data-server |