USN-3998-1: Evolution Data Server vulnerability

30 May 2019

evolution-data-server vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Evolution Data Server would sometimes display email content as encrypted when it was not.

Software Description

  • evolution-data-server - Evolution suite data server

Details

Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
evolution-data-server - 3.28.5-0ubuntu0.18.04.2
evolution-data-server-common - 3.28.5-0ubuntu0.18.04.2
libcamel-1.2-61 - 3.28.5-0ubuntu0.18.04.2
libebackend-1.2-10 - 3.28.5-0ubuntu0.18.04.2
libedataserver-1.2-23 - 3.28.5-0ubuntu0.18.04.2
Ubuntu 16.04 LTS
evolution-data-server - 3.18.5-1ubuntu1.2
evolution-data-server-common - 3.18.5-1ubuntu1.2
libcamel-1.2-54 - 3.18.5-1ubuntu1.2
libebackend-1.2-10 - 3.18.5-1ubuntu1.2
libedataserver-1.2-21 - 3.18.5-1ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Evolution to make all the necessary changes.

References