MDVSA-2009:078 -- Mandriva evolution-data-server
|ID: oval:org.secpod.oval:def:300653||Date: (C)2012-01-07 (M)2018-06-11|
|Class: PATCH||Family: unix|
A wrong handling of signed Secure/Multipurpose Internet Mail Extensions e-mail messages enables attackers to spoof its signatures by modifying the latter copy . Crafted authentication challange packets sent by a malicious remote mail server enables remote attackers either to cause denial of service and to read information from the process memory of the client . Multiple integer overflows in Base64 encoding functions enables attackers either to cause denial of service and to execute arbitrary code . This update provides fixes for those vulnerabilities. Update: evolution-data-server packages from Mandriva Linux distributions 2008.1 and 2009.0 are not affected by CVE-2009-0587.
|Mandriva Linux 2009.0|
|Mandriva Linux 2008.1|
|Mandriva Linux 2008.0|