centos | CentOS Project | CESA-2013:1540
History: Nov 26, 2013 - 1:31 p.m.

cheese, control, ekiga, evolution, finch, gnome, gtkhtml3, libgdata, libpurple, nautilus, openchange, pidgin, planner, totem security update

2013-11-26 13:31:12
CentOS Project
lists.centos.org

CVSS2: 5 Medium
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 7.5 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.004 Low
  Percentile: 72.9%

CentOS Errata and Security Advisory CESA-2013:1540

Evolution is the integrated collection of email, calendaring, contact
management, communications, and personal information management (PIM) tools
for the GNOME desktop environment.

A flaw was found in the way Evolution selected GnuPG public keys when
encrypting emails. This could result in emails being encrypted with public
keys other than the one belonging to the intended recipient.
(CVE-2013-4166)

The Evolution packages have been upgraded to upstream version 2.32.3, which
provides a number of bug fixes and enhancements over the previous version.
These changes include implementation of Gnome XDG Config Folders, and
support for Exchange Web Services (EWS) protocol to connect to Microsoft
Exchange servers. EWS support has been added as a part of the
evolution-exchange packages. (BZ#883010, BZ#883014, BZ#883015, BZ#883017,
BZ#524917, BZ#524921, BZ#883044)

The gtkhtml3 packages have been upgraded to upstream version 2.32.2, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#883019)

The libgdata packages have been upgraded to upstream version 0.6.4, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#883032)

This update also fixes the following bug:

  • The Exchange Calendar could not fetch the “Free” and “Busy” information
    for meeting attendees when using Microsoft Exchange 2010 servers, and this
    information thus could not be displayed. This happened because Microsoft
    Exchange 2010 servers use more strict rules for “Free” and “Busy”
    information fetching. With this update, the respective code in the
    openchange packages has been modified so the “Free” and “Busy” information
    fetching now complies with the fetching rules on Microsoft Exchange 2010
    servers. The “Free” and “Busy” information can now be displayed as expected
    in the Exchange Calendar. (BZ#665967)

All Evolution users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. All running instances of Evolution must be restarted for this
update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027176.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027182.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027197.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027199.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027200.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027201.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027202.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027219.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027220.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027226.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027252.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027285.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027297.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027317.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027320.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027370.html

Affected packages:
cheese
control-center
control-center-devel
control-center-extra
control-center-filesystem
ekiga
evolution
evolution-data-server
evolution-data-server-devel
evolution-data-server-doc
evolution-devel
evolution-devel-docs
evolution-exchange
evolution-help
evolution-mapi
evolution-mapi-devel
evolution-perl
evolution-pst
evolution-spamassassin
finch
finch-devel
gnome-panel
gnome-panel-devel
gnome-panel-libs
gnome-python2-applet
gnome-python2-brasero
gnome-python2-bugbuddy
gnome-python2-desktop
gnome-python2-evince
gnome-python2-evolution
gnome-python2-gnomedesktop
gnome-python2-gnomekeyring
gnome-python2-gnomeprint
gnome-python2-gtksourceview
gnome-python2-libgtop2
gnome-python2-libwnck
gnome-python2-metacity
gnome-python2-rsvg
gnome-python2-totem
gtkhtml3
gtkhtml3-devel
libgdata
libgdata-devel
libpurple
libpurple-devel
libpurple-perl
libpurple-tcl
nautilus-sendto
nautilus-sendto-devel
openchange
openchange-client
openchange-devel
openchange-devel-docs
pidgin
pidgin-devel
pidgin-docs
pidgin-perl
planner
planner-devel
planner-eds
totem
totem-devel
totem-jamendo
totem-mozplugin
totem-nautilus
totem-upnp
totem-youtube

Upstream details at:
https://access.redhat.com/errata/RHSA-2013:1540
