Fedora Core 10 FEDORA-2009-2784 (evolution-data-server)

Summary
The remote host is missing an update to evolution-data-server announced via advisory FEDORA-2009-2784.
Solution
Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update evolution-data-server' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2784
Insight
Update Information: This update fixes two security issues: Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) ChangeLog: * Tue Mar 17 2009 Matthew Barnes - 2.25.5-4.fc10 - Add patch for RH bug #484925 (CVE-2009-0547, S/MIME signatures). - Add patch for RH bug #487685 (CVE-2009-0582, NTLM authentication). * Fri Mar 13 2009 Matthew Barnes - 2.25.5-3.fc10 - Revise patch for RH bug #568332 to match upstream commit. * Thu Mar 12 2009 Matthew Barnes - 2.25.5-2.fc10 - Add patch for RH bug #568332 (thread leak in fsync() rate limiting).
References