The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - evolution: incorrect selection of recipient gpg public key for encrypted mail (CVE-2013-4166)

  - GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the     attachment parameter to a mailto: URL, which attaches the file to the email. (CVE-2011-3201)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

Updated evolution packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Evolution is the integrated collection of email, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment.

A flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being encrypted with public keys other than the one belonging to the intended recipient.
(CVE-2013-4166)

The Evolution packages have been upgraded to upstream version 2.32.3, which provides a number of bug fixes and enhancements over the previous version. These changes include implementation of Gnome XDG Config Folders, and support for Exchange Web Services (EWS) protocol to connect to Microsoft Exchange servers. EWS support has been added as a part of the evolution-exchange packages. (BZ#883010, BZ#883014, BZ#883015, BZ#883017, BZ#524917, BZ#524921, BZ#883044)

The gtkhtml3 packages have been upgraded to upstream version 2.32.2, which provides a number of bug fixes and enhancements over the previous version. (BZ#883019)

The libgdata packages have been upgraded to upstream version 0.6.4, which provides a number of bug fixes and enhancements over the previous version. (BZ#883032)

This update also fixes the following bug :

* The Exchange Calendar could not fetch the 'Free' and 'Busy' information for meeting attendees when using Microsoft Exchange 2010 servers, and this information thus could not be displayed. This happened because Microsoft Exchange 2010 servers use more strict rules for 'Free' and 'Busy' information fetching. With this update, the respective code in the openchange packages has been modified so the 'Free' and 'Busy' information fetching now complies with the fetching rules on Microsoft Exchange 2010 servers. The 'Free' and 'Busy' information can now be displayed as expected in the Exchange Calendar.
(BZ#665967)

All Evolution users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. All running instances of Evolution must be restarted for this update to take effect.

A flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being encrypted with public keys other than the one belonging to the intended recipient.
(CVE-2013-4166)

The Evolution packages have been upgraded to upstream version 2.32.3, which provides a number of bug fixes and enhancements over the previous version. These changes include implementation of Gnome XDG Config Folders, and support for Exchange Web Services (EWS) protocol to connect to Microsoft Exchange servers. EWS support has been added as a part of the evolution-exchange packages.

The gtkhtml3 packages have been upgraded to upstream version 2.32.2, which provides a number of bug fixes and enhancements over the previous version.

The libgdata packages have been upgraded to upstream version 0.6.4, which provides a number of bug fixes and enhancements over the previous version.

This update also fixes the following bug :

  - The Exchange Calendar could not fetch the 'Free' and     'Busy' information for meeting attendees when using     Microsoft Exchange 2010 servers, and this information     thus could not be displayed. This happened because     Microsoft Exchange 2010 servers use more strict rules     for 'Free' and 'Busy' information fetching. With this     update, the respective code in the openchange packages     has been modified so the 'Free' and 'Busy' information     fetching now complies with the fetching rules on     Microsoft Exchange 2010 servers. The 'Free' and 'Busy'     information can now be displayed as expected in the     Exchange Calendar.

All running instances of Evolution must be restarted for this update to take effect.

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-1540 advisory.

    - Add patch for RH bug #990380 (CVE-2013-4166)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Yves-Alexis Perez discovered that Evolution Data Server did not properly select GPG recipients. Under certain circumstances, this could result in Evolution encrypting email to an unintended recipient.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
198437	RHEL 5 : evolution (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
79158	CentOS 6 : cheese / control-center / ekiga / evolution / evolution-data-server / etcgnome-panel / etc (CESA-2013:1540)	Nessus	CentOS Local Security Checks	high
71298	Scientific Linux Security Update : evolution on SL6.x i386/x86_64 (20131121)	Nessus	Scientific Linux Local Security Checks	high
71126	Oracle Linux 6 : evolution (ELSA-2013-1540)	Nessus	Oracle Linux Local Security Checks	high
71001	RHEL 6 : evolution (RHSA-2013:1540)	Nessus	Red Hat Local Security Checks	high
69174	Ubuntu 12.04 LTS / 12.10 / 13.04 : evolution-data-server vulnerability (USN-1922-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2013-4166

high

Tenable Plugins

high

high

high

high

high

high