Fedora Core 9 FEDORA-2009-2792 (evolution-data-server)

The remote host is missing an update to evolution-data-server announced via advisory FEDORA-2009-2792.

Update Information: This update fixes two security issues: Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) ChangeLog: * Tue Mar 17 2009 Matthew Barnes - 2.22.3-3.fc9 - Add patch for RH bug #484925 (CVE-2009-0547, S/MIME signatures). - Add patch for RH bug #487685 (CVE-2009-0582, NTLM authentication).

Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update evolution-data-server' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2792