atk-2.28.1-2.el7evolution-data-server-3.28.5-4.el7evolution-ews-3.28.5-5.el7evolution-3.28.5-8.el7

エラータID: AXSA:2020-4566:01

Release date: 
Thursday, April 2, 2020 - 08:50
Subject: 
atk-2.28.1-2.el7evolution-data-server-3.28.5-4.el7evolution-ews-3.28.5-5.el7evolution-3.28.5-8.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality.

The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications.

Security Fix(es):

* evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages (CVE-2018-15587)

* evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts (CVE-2019-3890)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2018-15587
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
CVE-2019-3890
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. atk-2.28.1-2.el7.src.rpm
    MD5: ade0382a441c7ed3f1455523c8a07414
    SHA-256: 99652d3fc7c1f6a3727e873b43281b070893d1aa906d6e5f1a48f0dfeffbc8df
    Size: 713.58 kB
  2. evolution-data-server-3.28.5-4.el7.src.rpm
    MD5: 24b01a2ac48328e940dbb5537e630672
    SHA-256: 46cb79a4f1b961dc3f6e9de7d99778475980524c5f70642237026000ed2b1415
    Size: 4.33 MB
  3. evolution-ews-3.28.5-5.el7.src.rpm
    MD5: 836df04e8d92d37a3142ad8f0ac0ebf1
    SHA-256: 89b360547ed5aa724801bb172d6b8e661710bd0f963a74b746f87c4149719cd4
    Size: 526.51 kB
  4. evolution-3.28.5-8.el7.src.rpm
    MD5: 392ac9ab9cfc8e8eae55a862f7b3208e
    SHA-256: 8363516a0facb99214bb1f271df06d097e2cb6ed969e7dc668499bec123af6d6
    Size: 11.64 MB

Asianux Server 7 for x86_64
  1. atk-2.28.1-2.el7.x86_64.rpm
    MD5: c5aadcd0597a5eca5db3a9fc924206ad
    SHA-256: ba7ece4efeac6630b9672b9411c054296c53eebedf053ed8bee7d3cde121ca56
    Size: 261.79 kB
  2. atk-devel-2.28.1-2.el7.x86_64.rpm
    MD5: a482fe8dbec71ca72d70ed4aeafbb82d
    SHA-256: 77b53d598fb664da235ef1d492d32acdb72dfbfbb062b44e3375d2eb349ca567
    Size: 183.27 kB
  3. evolution-data-server-3.28.5-4.el7.x86_64.rpm
    MD5: 4a17013c8deed990c676fedcbafd6bc8
    SHA-256: 0d239e31fdbe35c0c0aedff3672cd96b8049b0cb18e926d859cfe186832478a6
    Size: 2.08 MB
  4. evolution-data-server-devel-3.28.5-4.el7.x86_64.rpm
    MD5: 02daa22e63f50dc107c9fe27566dbf75
    SHA-256: d33ab10ca26ad94e57cbdcf97764911c8b1f56220da62be657c71fea772eaaa6
    Size: 556.68 kB
  5. evolution-data-server-langpacks-3.28.5-4.el7.noarch.rpm
    MD5: d72983e72a6eb579ae21dc2f36e481d3
    SHA-256: 3a23de0078385668a9997bb5b17f0e0ae188018634cd3626fba8470238767926
    Size: 1.42 MB
  6. evolution-ews-3.28.5-5.el7.x86_64.rpm
    MD5: 2398101b2c0a73681cd9ac14d5da2dcd
    SHA-256: 41aa74ac617570647ffff804d0fe132719b75bf8fb8dcbd31f19c5f3c43951de
    Size: 376.67 kB
  7. evolution-ews-langpacks-3.28.5-5.el7.noarch.rpm
    MD5: c72daa3ecc6cf8d4106ee475649321b5
    SHA-256: 06e84366cbc654457b0b462218a5806513c6dcdb8c97602d663d49a74983f340
    Size: 156.05 kB
  8. evolution-3.28.5-8.el7.x86_64.rpm
    MD5: 0966b521fad4340b844ee92e0c8f7dd6
    SHA-256: 784e582773398f66acc545362e0087ffb40946dd563ea781c56ae1c296723d71
    Size: 3.93 MB
  9. evolution-bogofilter-3.28.5-8.el7.x86_64.rpm
    MD5: 1e56a4f02911e8dbec132b792b9674fb
    SHA-256: e65cab91f0e0849d17cc8ff1340b9b40c374a48bd282feeb4b8f2b0d9ea7608e
    Size: 14.09 kB
  10. evolution-help-3.28.5-8.el7.noarch.rpm
    MD5: c5870bb8c4bd72c3c711abfeb2b69e10
    SHA-256: 3eab9b2669e8a96f2435ab4bb71665f059813f15e8ee0e0465677e2f1d82a201
    Size: 2.12 MB
  11. evolution-langpacks-3.28.5-8.el7.noarch.rpm
    MD5: 0a742c2799044a6f165b170c76782478
    SHA-256: 032dbad3f82a70368eacbc2c22e5e00e880755e0e25d2bc39e7c5fa700e749ec
    Size: 6.13 MB
  12. evolution-pst-3.28.5-8.el7.x86_64.rpm
    MD5: e8759fc7b3fabedbe807fe54f6bedcd4
    SHA-256: dff8331bd7fa4c1191df5ab0a6fa7d99232b3ba759a1bee21bfd65d241371612
    Size: 26.40 kB
  13. evolution-spamassassin-3.28.5-8.el7.x86_64.rpm
    MD5: 578117e936c434b076bcb82125d644b6
    SHA-256: fade4a632570a28ae153b3b86bbd10e7928938a4687fcb44cf70e3a3012ac94d
    Size: 15.29 kB
  14. atk-2.28.1-2.el7.i686.rpm
    MD5: d13b464e167d15e38d17114db9ce78f7
    SHA-256: da431da5d200379d62368613de91aebc2d786c7447cbd1e75a94dcb3ab6f11da
    Size: 260.62 kB
  15. atk-devel-2.28.1-2.el7.i686.rpm
    MD5: 6f2897a9d8bb3cb7b86e0c138f34b449
    SHA-256: cddad20aa7d1e961851f9f8f0e8ca21135cd77a1a17b4fffbb17f5726e7c996e
    Size: 183.31 kB
  16. evolution-data-server-3.28.5-4.el7.i686.rpm
    MD5: 04f5ced2bfb6b65478257bdbdbbc2be5
    SHA-256: 9dd230f3cfe3e4b79167f7428751e54352c06b08aed0851672642d622793545e
    Size: 2.03 MB
  17. evolution-data-server-devel-3.28.5-4.el7.i686.rpm
    MD5: 39ea05ab2a34738ebbb08b54dc0ee3ed
    SHA-256: 4491a020d147e3f1e90fca08a3a8b9b1079bc505619ce6b393c1070e9f064048
    Size: 556.65 kB
  18. evolution-ews-3.28.5-5.el7.i686.rpm
    MD5: 038880c7eb2cff4ebfd0f3d679179f84
    SHA-256: aa6edcf6c9030b757dd3611b155421c04e73d1beecf405be8ac127fd0858e1c9
    Size: 370.18 kB
  19. evolution-3.28.5-8.el7.i686.rpm
    MD5: 7e5f31357ce9c696344bd279adb78bd7
    SHA-256: 77c23aedd1c20e64b68c21d54dbde17311470d7bc37ce1979ddb0e0898f12186
    Size: 3.89 MB