Mandriva Linux Security Advisory : evolution-data-server (MDVSA-2009:078)
High Nessus Plugin ID 37259
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA wrong handling of signed Secure/Multipurpose Internet Mail Extensions (S/MIME) e-mail messages enables attackers to spoof its signatures by modifying the latter copy (CVE-2009-0547).
Crafted authentication challange packets (NT Lan Manager type 2) sent by a malicious remote mail server enables remote attackers either to cause denial of service and to read information from the process memory of the client (CVE-2009-0582).
Multiple integer overflows in Base64 encoding functions enables attackers either to cause denial of service and to execute arbitrary code (CVE-2009-0587).
This update provides fixes for those vulnerabilities.
evolution-data-server packages from Mandriva Linux distributions 2008.1 and 2009.0 are not affected by CVE-2009-0587.
SolutionUpdate the affected packages.