DSA-1813-1 evolution-data-server -- Several vulnerabilities
|ID: oval:org.secpod.oval:def:600282||Date: (C)2011-05-13 (M)2018-03-27|
|Class: PATCH||Family: unix|
Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0587 It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings. CVE-2009-0547 Joachim Breitner discovered that S/MIME signatures are not verified properly, which can lead to spoofing attacks. CVE-2009-0582 It was discovered that NTLM authentication challenge packets are not validated properly when using the NTLM authentication method, which could lead to an information disclosure or a denial of service. For the oldstable distribution , these problems have been fixed in version 1.6.3-5etch2. For the stable distribution , these problems have been fixed in version 2.22.3-1.1+lenny1. For the testing distribution and the unstable distribution , these problems have been fixed in version 18.104.22.168-1. We recommend that you upgrade your evolution-data-server packages.