Summary
The remote host is missing an update to evolution-data-server announced via advisory FEDORA-2009-2792.
Solution
Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update evolution-data-server' at the command line.
For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2792
Insight
Update Information:
This update fixes two security issues:
Evolution Data Server did not properly
check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547)
It was discovered that Evolution Data
Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582)
ChangeLog:
* Tue Mar 17 2009 Matthew Barnes - 2.22.3-3.fc9
- Add patch for RH bug #484925 (CVE-2009-0547, S/MIME signatures).
- Add patch for RH bug #487685 (CVE-2009-0582, NTLM authentication).
References
Severity
Classification
-
CVE CVE-2009-0547, CVE-2009-0582 -
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:N/A:P
Related Vulnerabilities