Description:
Summary: The remote host is missing an update for the Debian 'evolution-data-server' package(s) announced via the DSA-1813-1 advisory.
Vulnerability Insight: Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-0587
It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings.
CVE-2009-0547
Joachim Breitner discovered that S/MIME signatures are not verified properly, which can lead to spoofing attacks.
CVE-2009-0582
It was discovered that NTLM authentication challenge packets are not validated properly when using the NTLM authentication method, which could lead to an information disclosure or a denial of service.
For the oldstable distribution (etch), these problems have been fixed in version 1.6.3-5etch2.
For the stable distribution (lenny), these problems have been fixed in version 2.22.3-1.1+lenny1.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 2.26.1.1-1.
We recommend that you upgrade your evolution-data-server packages.
Affected Software/OS: 'evolution-data-server' package(s) on Debian 4, Debian 5.
Solution: Please install the updated package(s).
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P