Lucene search
Gentoo FoundationMGASA-2020-0351HistoryAug 28, 2020 - 5:46 p.m.
Updated evolution-data-server packages fix security vulnerabilities
2020-08-2817:46:59
Gentoo Foundation
advisories.mageia.org
12
0.004 Low
EPSS
Percentile
73.3%
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a “begin TLS” response, eds reads additional data and evaluates it in a TLS context, aka “response injection”. (CVE-2020-14928) In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server. (CVE-2020-16117)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 7 | noarch | evolution-data-server | < 3.32.2-1.2 | evolution-data-server-3.32.2-1.2.mga7 |
Related
nessus
nessus
openSUSE Security Update : evolution-data-server (openSUSE-2021-482)
2021-03-29 00:00:00
EulerOS 2.0 SP5 : evolution-data-server (EulerOS-SA-2020-2243)
2020-10-30 00:00:00
EulerOS 2.0 SP2 : evolution-data-server (EulerOS-SA-2021-1293)
2021-02-22 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for evolution-data-server (EulerOS-SA-2020-2243)
2020-10-30 00:00:00
Mageia: Security Advisory (MGASA-2020-0351)
2022-01-28 00:00:00
suse
suse
Security update for evolution-data-server (moderate)
2021-03-28 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1831
2021-07-02 16:39:45
osv
osv
evolution-data-server - security update
2020-08-02 00:00:00
Low: evolution security, bug fix, and enhancement update
2021-05-18 06:00:34
Low: evolution security, bug fix, and enhancement update
2021-05-18 06:00:34
veracode
veracode
Denial Of Service (DoS)
2021-05-20 15:27:37
TLS Response Injection
2020-11-05 03:10:35
rocky
rocky
evolution security, bug fix, and enhancement update
2021-05-18 06:00:34
evolution security and bug fix update
2020-11-03 12:23:41
debian
debian
[SECURITY] [DLA 2309-1] evolution-data-server security update
2020-08-02 21:17:48
[SECURITY] [DSA 4725-1] evolution-data-server security update
2020-07-15 20:42:34
[SECURITY] [DLA 2281-1] evolution-data-server security update
2020-07-16 09:15:40
cvelist
cvelist
CVE-2020-16117
2020-07-29 17:59:10
CVE-2020-14928
2020-07-17 15:30:42
redhatcve
redhatcve
CVE-2020-16117
2020-07-30 14:13:39
CVE-2020-14928
2020-07-15 23:07:28
cve
cve
CVE-2020-16117
2020-07-29 18:15:00
CVE-2020-14928
2020-07-17 16:15:00
prion
prion
Null pointer dereference
2020-07-29 18:15:00
Design/Logic Flaw
2020-07-17 16:15:00
redhat
redhat
(RHSA-2021:1752) Low: evolution security, bug fix, and enhancement update
2021-05-18 06:00:34
(RHSA-2020:4649) Low: evolution security and bug fix update
2020-11-03 12:23:41
oraclelinux
oraclelinux
evolution security, bug fix, and enhancement update
2021-05-25 00:00:00
evolution security and bug fix update
2020-11-10 00:00:00
almalinux
almalinux
Low: evolution security, bug fix, and enhancement update
2021-05-18 06:00:34
Low: evolution security and bug fix update
2020-11-03 12:23:41
debiancve
debiancve
CVE-2020-16117
2020-07-29 18:15:00
CVE-2020-14928
2020-07-17 16:15:00
ubuntucve
ubuntucve
CVE-2020-16117
2020-07-29 00:00:00
CVE-2020-14928
2020-07-08 00:00:00
ubuntu
ubuntu
Evolution Data Server vulnerability
2020-07-22 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: evolution-data-server-3.34.4-2.fc31
2020-08-01 01:18:31