openSUSE Security Update : evolution-data-server (openSUSE-2021-482)

This update for evolution-data-server fixes the following issues : - CVE-2020-16117: Fix crash on malformed server response with minimal capabilities bsc1174712. - CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 bsc1173910. - Fix buffer overrun when parsing base64 data bsc1182882...

OPENSUSE-SU-2021:0482-1 Security update for evolution-data-server

This update for evolution-data-server fixes the following issues: - CVE-2020-16117: Fix crash on malformed server response with minimal capabilities bsc1174712. - CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 bsc1173910. - Fix buffer overrun when parsing base64 data bsc1182882...

Security update for evolution-data-server (moderate)

openSUSE Security Update: Security update for evolution-data-server Announcement ID: openSUSE-SU-2021:0482-1 Rating: moderate References: 1173910 1174712 1182882 Cross-References: CVE-2020-14928 CVE-2020-16117 CVSS scores: CVE-2020-14928 NVD : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N...

SUSE-SU-2021:0949-1 Security update for evolution-data-server

This update for evolution-data-server fixes the following issues: - CVE-2020-16117: Fix crash on malformed server response with minimal capabilities bsc1174712. - CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 bsc1173910. - Fix buffer overrun when parsing base64 data bsc1182882...

[SECURITY] Fedora 34 Update: gnome-calendar-40~rc-1.fc34

Calendar is a simple and beautiful calendar application designed to fit GNOME 3. Features: Week, month and year views Basic editing of events Evolution Data Server integration Search support...

[SECURITY] Fedora 34 Update: evolution-data-server-3.39.3-1.fc34

The evolution-data-server package provides a unified backend for programs t hat work with contacts, tasks, and calendar information. It was originally developed for Evolution hence the name, but is now used by other packages...

Fedora: Security Advisory for evolution-data-server (FEDORA-2021-303f6623fa)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2021:0891-1 Security update for evolution-data-server

This update for evolution-data-server fixes the following issues: - Fix buffer overrun when parsing base64 data bsc1182882. - CVE-2020-16117: Fix crash on malformed server response with minimal capabilities bsc1174712. - CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 bsc1173910...

SUSE-SU-2021:0885-1 Security update for evolution-data-server

This update for evolution-data-server fixes the following issues: - Fix buffer overrun when parsing base64 data bsc1182882. - CVE-2020-16117: Fix crash on malformed server response with minimal capabilities bsc1174712. - CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 bsc1173910...

EulerOS 2.0 SP2 : evolution-data-server (EulerOS-SA-2021-1293)

According to the versions of the evolution-data-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a 'begin...

Huawei EulerOS: Security Advisory for evolution-data-server (EulerOS-SA-2021-1293)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 8 : evolution (CESA-2020:4649)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4649 advisory. - evolution-data-server: Response injection via STARTTLS in SMTP and POP3 CVE-2020-14928 Note that Nessus has not tested for this issue but has instead relied...

EulerOS 2.0 SP3 : evolution-data-server (EulerOS-SA-2021-1065)

According to the versions of the evolution-data-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers ...

Huawei EulerOS: Security Advisory for evolution-data-server (EulerOS-SA-2021-1065)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : evolution-data-server (EulerOS-SA-2020-2544)

According to the version of the evolution-data-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to...

Huawei EulerOS: Security Advisory for evolution-data-server (EulerOS-SA-2020-2544)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL CORE 5.04 / MAIN 5.04 : evolution-data-server Vulnerability (NS-SA-2020-0075)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has evolution-data-server packages installed that are affected by a vulnerability: - It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get...

NewStart CGSL CORE 5.05 / MAIN 5.05 : evolution-data-server Vulnerability (NS-SA-2020-0114)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has evolution-data-server packages installed that are affected by a vulnerability: - It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get...

Oracle Linux 8 : evolution (ELSA-2020-4649)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4649 advisory. - Resolves: 1859141 CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3 evolution-mapi Tenable has extracted the preceding description block direct...

TLS Response Injection

evolution-data-server is vulnerable to TLS response injection. When a server sends a 'begin TLS' response, eds reads additional data and evaluates it in a TLS context, aka "response injection" causing a STARTTLS buffering issue that affects SMTP and POP3...