Bugzilla – Bug 1173910
VUL-0: CVE-2020-14928: evolution-data-server: Response Injection via STARTTLS in SMTP and POP3
Last modified: 2021-08-09 11:41:10 UTC
CVE-2020-14928
Response Injection via STARTTLS in SMTP and POP3
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14928
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14928.html
Related commits at [1] and [2]. Upstream issue at [3].
Tracked as affected SLE12-SP3, SLE15 and SLE15-SP2. It seems that version 2.X in SLE11-SP1 and SP3 is not affected but your feedback is also appreciated.
No POC available.
[1] https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac
[2] https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/b74b765188d96803814acf69a510a7160d9ee6c5
[3] https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
SUSE-SU-2021:0891-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1173910,1174712,1182882
CVE References: CVE-2020-14928,CVE-2020-16117
JIRA References:
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): evolution-data-server-3.22.7-18.7.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): evolution-data-server-3.22.7-18.7.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0885-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1173910,1174712,1182882
CVE References: CVE-2020-14928,CVE-2020-16117
JIRA References:
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): evolution-data-server-3.20.6-17.3.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0949-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1173910,1174712,1182882
CVE References: CVE-2020-14928,CVE-2020-16117
JIRA References:
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src): evolution-data-server-3.34.4-3.3.1, evolution-ews-3.34.4-3.3.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0482-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1173910,1174712,1182882
CVE References: CVE-2020-14928,CVE-2020-16117
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): evolution-data-server-3.34.4-lp152.2.3.1, evolution-ews-3.34.4-lp152.2.3.1
released