USN-3998-1: Evolution Data Server vulnerability
evolution-data-server vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary
Evolution Data Server would sometimes display email content as encrypted
when it was not.
Software Description
- evolution-data-server – Evolution suite data server
Details
Marcus Brinkmann discovered that Evolution Data Server did not correctly
interpret the output from GPG when decrypting encrypted messages. Under
certain circumstances, this could result in displaying clear-text portions
of encrypted messages as though they were encrypted.
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 18.04 LTS
- evolution-data-server – 3.28.5-0ubuntu0.18.04.2
- evolution-data-server-common – 3.28.5-0ubuntu0.18.04.2
- libcamel-1.2-61 – 3.28.5-0ubuntu0.18.04.2
- libebackend-1.2-10 – 3.28.5-0ubuntu0.18.04.2
- libedataserver-1.2-23 – 3.28.5-0ubuntu0.18.04.2
- Ubuntu 16.04 LTS
- evolution-data-server – 3.18.5-1ubuntu1.2
- evolution-data-server-common – 3.18.5-1ubuntu1.2
- libcamel-1.2-54 – 3.18.5-1ubuntu1.2
- libebackend-1.2-10 – 3.18.5-1ubuntu1.2
- libedataserver-1.2-21 – 3.18.5-1ubuntu1.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Evolution to make
all the necessary changes.
References
Source: USN-3998-1: Evolution Data Server vulnerability
