5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.004 Low
EPSS
Percentile
72.9%
CentOS Errata and Security Advisory CESA-2013:1540
Evolution is the integrated collection of email, calendaring, contact
management, communications, and personal information management (PIM) tools
for the GNOME desktop environment.
A flaw was found in the way Evolution selected GnuPG public keys when
encrypting emails. This could result in emails being encrypted with public
keys other than the one belonging to the intended recipient.
(CVE-2013-4166)
The Evolution packages have been upgraded to upstream version 2.32.3, which
provides a number of bug fixes and enhancements over the previous version.
These changes include implementation of Gnome XDG Config Folders, and
support for Exchange Web Services (EWS) protocol to connect to Microsoft
Exchange servers. EWS support has been added as a part of the
evolution-exchange packages. (BZ#883010, BZ#883014, BZ#883015, BZ#883017,
BZ#524917, BZ#524921, BZ#883044)
The gtkhtml3 packages have been upgraded to upstream version 2.32.2, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#883019)
The libgdata packages have been upgraded to upstream version 0.6.4, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#883032)
This update also fixes the following bug:
All Evolution users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. All running instances of Evolution must be restarted for this
update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027176.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027182.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027197.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027199.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027200.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027201.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027202.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027219.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027220.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027226.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027252.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027285.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027297.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027317.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027320.html
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027370.html
Affected packages:
cheese
control-center
control-center-devel
control-center-extra
control-center-filesystem
ekiga
evolution
evolution-data-server
evolution-data-server-devel
evolution-data-server-doc
evolution-devel
evolution-devel-docs
evolution-exchange
evolution-help
evolution-mapi
evolution-mapi-devel
evolution-perl
evolution-pst
evolution-spamassassin
finch
finch-devel
gnome-panel
gnome-panel-devel
gnome-panel-libs
gnome-python2-applet
gnome-python2-brasero
gnome-python2-bugbuddy
gnome-python2-desktop
gnome-python2-evince
gnome-python2-evolution
gnome-python2-gnomedesktop
gnome-python2-gnomekeyring
gnome-python2-gnomeprint
gnome-python2-gtksourceview
gnome-python2-libgtop2
gnome-python2-libwnck
gnome-python2-metacity
gnome-python2-rsvg
gnome-python2-totem
gtkhtml3
gtkhtml3-devel
libgdata
libgdata-devel
libpurple
libpurple-devel
libpurple-perl
libpurple-tcl
nautilus-sendto
nautilus-sendto-devel
openchange
openchange-client
openchange-devel
openchange-devel-docs
pidgin
pidgin-devel
pidgin-docs
pidgin-perl
planner
planner-devel
planner-eds
totem
totem-devel
totem-jamendo
totem-mozplugin
totem-nautilus
totem-upnp
totem-youtube
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:1540
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | cheese | < 2.28.1-8.el6 | cheese-2.28.1-8.el6.i686.rpm |
CentOS | 6 | x86_64 | cheese | < 2.28.1-8.el6 | cheese-2.28.1-8.el6.x86_64.rpm |
CentOS | 6 | i686 | control-center | < 2.28.1-39.el6 | control-center-2.28.1-39.el6.i686.rpm |
CentOS | 6 | i686 | control-center-devel | < 2.28.1-39.el6 | control-center-devel-2.28.1-39.el6.i686.rpm |
CentOS | 6 | i686 | control-center-extra | < 2.28.1-39.el6 | control-center-extra-2.28.1-39.el6.i686.rpm |
CentOS | 6 | i686 | control-center-filesystem | < 2.28.1-39.el6 | control-center-filesystem-2.28.1-39.el6.i686.rpm |
CentOS | 6 | i686 | control-center | < 2.28.1-39.el6 | control-center-2.28.1-39.el6.i686.rpm |
CentOS | 6 | x86_64 | control-center | < 2.28.1-39.el6 | control-center-2.28.1-39.el6.x86_64.rpm |
CentOS | 6 | i686 | control-center-devel | < 2.28.1-39.el6 | control-center-devel-2.28.1-39.el6.i686.rpm |
CentOS | 6 | x86_64 | control-center-devel | < 2.28.1-39.el6 | control-center-devel-2.28.1-39.el6.x86_64.rpm |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.004 Low
EPSS
Percentile
72.9%