ELSA-2019-3699

Опубликовано: 14 нояб. 2019

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2019-3699: evolution security and bug fix update (MODERATE)

evolution [3.28.5-9]

Add patch for RH bug #1724984 ([ECompEditor] Ensure attendee changes stored before save)

[3.28.5-8]

Add patch for RH bug #1724659 (Make sure intltool-merge cache is created only once)

[3.28.5-7]

Add patch for RH bug #1724232 (Help Contents (F1) has a bad link to GNOME site)

evolution-data-server [3.28.5-11]

Update patch for RH bug #1713619 (test-cal-client-get-revision could fail due to delayed D-Bus property change notification)

[3.28.5-10]

Add patch related to evolution-ews CVE-2019-3890 (RH bug #1696763)

evolution-ews [3.28.5-5]

Rebuild with added gating

[3.28.5-4]

Add patch for RH bug #1696761 (CVE-2019-3890 - SSL Certificates are not validated)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

evolution-data-server-doc

3.28.5-11.el8

Oracle Linux x86_64

evolution

3.28.5-9.el8

evolution-bogofilter

3.28.5-9.el8

evolution-data-server

3.28.5-11.el8

evolution-data-server-devel

3.28.5-11.el8

evolution-data-server-doc

3.28.5-11.el8

evolution-data-server-langpacks

3.28.5-11.el8

evolution-data-server-perl

3.28.5-11.el8

evolution-data-server-tests

3.28.5-11.el8

evolution-devel

3.28.5-9.el8

evolution-ews

3.28.5-5.el8

evolution-ews-langpacks

3.28.5-5.el8

evolution-help

3.28.5-9.el8

evolution-langpacks

3.28.5-9.el8

evolution-pst

3.28.5-9.el8

evolution-spamassassin

3.28.5-9.el8

Связанные CVE

CVE-2019-3890

Ссылки на источники

Связанные уязвимости

CVE-2019-3890

CVSS3: 8.1

ubuntu

больше 6 лет назад

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.