openSUSE Security Update : evolution-data-server (openSUSE-2021-482)

medium Nessus Plugin ID 148210

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for evolution-data-server fixes the following issues :

- CVE-2020-16117: Fix crash on malformed server response with minimal capabilities (bsc#1174712).

- CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 (bsc#1173910).

- Fix buffer overrun when parsing base64 data (bsc#1182882).

This update for evolution-ews fixes the following issue :

- Fix buffer overrun when parsing base64 data (bsc#1182882).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Solution

Update the affected evolution-data-server packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1173910

https://bugzilla.opensuse.org/show_bug.cgi?id=1174712

https://bugzilla.opensuse.org/show_bug.cgi?id=1182882

Plugin Details

Severity: Medium

ID: 148210

File Name: openSUSE-2021-482.nasl

Version: 1.3

Type: local

Agent: unix

Published: 3/29/2021

Updated: 1/8/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2020-14928

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:evolution-data-server, p-cpe:/a:novell:opensuse:evolution-data-server-32bit, p-cpe:/a:novell:opensuse:evolution-data-server-32bit-debuginfo, p-cpe:/a:novell:opensuse:evolution-data-server-debuginfo, p-cpe:/a:novell:opensuse:evolution-data-server-debugsource, p-cpe:/a:novell:opensuse:evolution-data-server-devel, p-cpe:/a:novell:opensuse:evolution-data-server-lang, p-cpe:/a:novell:opensuse:evolution-ews, p-cpe:/a:novell:opensuse:evolution-ews-debuginfo, p-cpe:/a:novell:opensuse:evolution-ews-debugsource, p-cpe:/a:novell:opensuse:evolution-ews-lang, p-cpe:/a:novell:opensuse:libcamel-1_2-62, p-cpe:/a:novell:opensuse:libcamel-1_2-62-32bit, p-cpe:/a:novell:opensuse:libcamel-1_2-62-32bit-debuginfo, p-cpe:/a:novell:opensuse:libcamel-1_2-62-debuginfo, p-cpe:/a:novell:opensuse:libebackend-1_2-10, p-cpe:/a:novell:opensuse:libebackend-1_2-10-32bit, p-cpe:/a:novell:opensuse:libebackend-1_2-10-32bit-debuginfo, p-cpe:/a:novell:opensuse:libebackend-1_2-10-debuginfo, p-cpe:/a:novell:opensuse:libebook-1_2-20, p-cpe:/a:novell:opensuse:libebook-1_2-20-32bit, p-cpe:/a:novell:opensuse:libebook-1_2-20-32bit-debuginfo, p-cpe:/a:novell:opensuse:libebook-1_2-20-debuginfo, p-cpe:/a:novell:opensuse:libebook-contacts-1_2-3, p-cpe:/a:novell:opensuse:libebook-contacts-1_2-3-32bit, p-cpe:/a:novell:opensuse:libebook-contacts-1_2-3-32bit-debuginfo, p-cpe:/a:novell:opensuse:libebook-contacts-1_2-3-debuginfo, p-cpe:/a:novell:opensuse:libecal-2_0-1, p-cpe:/a:novell:opensuse:libecal-2_0-1-32bit, p-cpe:/a:novell:opensuse:libecal-2_0-1-32bit-debuginfo, p-cpe:/a:novell:opensuse:libecal-2_0-1-debuginfo, p-cpe:/a:novell:opensuse:libedata-book-1_2-26, p-cpe:/a:novell:opensuse:libedata-book-1_2-26-32bit, p-cpe:/a:novell:opensuse:libedata-book-1_2-26-32bit-debuginfo, p-cpe:/a:novell:opensuse:libedata-book-1_2-26-debuginfo, p-cpe:/a:novell:opensuse:libedata-cal-2_0-1, p-cpe:/a:novell:opensuse:libedata-cal-2_0-1-32bit, p-cpe:/a:novell:opensuse:libedata-cal-2_0-1-32bit-debuginfo, p-cpe:/a:novell:opensuse:libedata-cal-2_0-1-debuginfo, p-cpe:/a:novell:opensuse:libedataserver-1_2-24, p-cpe:/a:novell:opensuse:libedataserver-1_2-24-32bit, p-cpe:/a:novell:opensuse:libedataserver-1_2-24-32bit-debuginfo, p-cpe:/a:novell:opensuse:libedataserver-1_2-24-debuginfo, p-cpe:/a:novell:opensuse:libedataserverui-1_2-2, p-cpe:/a:novell:opensuse:libedataserverui-1_2-2-32bit, p-cpe:/a:novell:opensuse:libedataserverui-1_2-2-32bit-debuginfo, p-cpe:/a:novell:opensuse:libedataserverui-1_2-2-debuginfo, p-cpe:/a:novell:opensuse:typelib-1_0-camel-1_2, p-cpe:/a:novell:opensuse:typelib-1_0-ebackend-1_2, p-cpe:/a:novell:opensuse:typelib-1_0-ebook-1_2, p-cpe:/a:novell:opensuse:typelib-1_0-ebookcontacts-1_2, p-cpe:/a:novell:opensuse:typelib-1_0-ecal-2_0, p-cpe:/a:novell:opensuse:typelib-1_0-edatabook-1_2, p-cpe:/a:novell:opensuse:typelib-1_0-edatacal-2_0, p-cpe:/a:novell:opensuse:typelib-1_0-edataserver-1_2, p-cpe:/a:novell:opensuse:typelib-1_0-edataserverui-1_2, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/27/2021

Vulnerability Publication Date: 7/17/2020

Reference Information

CVE: CVE-2020-14928, CVE-2020-16117