First Last Prev Next    This bug is not in your last search results.
Bug 1174712 - (CVE-2020-16117) VUL-1: CVE-2020-16117: evolution-data-server: a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid CAPABILITY line
(CVE-2020-16117)
VUL-1: CVE-2020-16117: evolution-data-server: a malicious server can crash th...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/264507/
CVSSv3.1:SUSE:CVE-2020-16117:5.3:(AV:...
:
Depends on:
Blocks: NOSTARTTLS
  Show dependency treegraph
 
Reported: 2020-07-30 07:57 UTC by Wolfgang Frisch
Modified: 2021-08-09 11:42 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2020-07-30 07:57:25 UTC 
CVE-2020-16117

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the
mail client with a NULL pointer dereference by sending an invalid (e.g.,
minimal) CAPABILITY line on a connection attempt. This is related to
imapx_free_capability and imapx_connect_to_server.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16117
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189
Comment 1 Wolfgang Frisch 2020-07-30 08:06:29 UTC 
SUSE:SLE-11-SP1:Update   Not affected [1]
SUSE:SLE-11-SP3:Update   Not affected [1]
SUSE:SLE-12-SP2:Update   Affected
SUSE:SLE-12-SP3:Update   Affected
SUSE:SLE-15:Update       Affected
SUSE:SLE-15-SP2:Update   Affected

[1] Functionality does not exist.
Comment 3 Swamp Workflow Management 2021-03-19 20:59:13 UTC 
SUSE-SU-2021:0891-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1173910,1174712,1182882
CVE References: CVE-2020-14928,CVE-2020-16117
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    evolution-data-server-3.22.7-18.7.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    evolution-data-server-3.22.7-18.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2021-03-19 21:06:44 UTC 
SUSE-SU-2021:0885-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1173910,1174712,1182882
CVE References: CVE-2020-14928,CVE-2020-16117
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    evolution-data-server-3.20.6-17.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2021-03-24 17:18:08 UTC 
SUSE-SU-2021:0949-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1173910,1174712,1182882
CVE References: CVE-2020-14928,CVE-2020-16117
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    evolution-data-server-3.34.4-3.3.1, evolution-ews-3.34.4-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2021-03-27 23:16:43 UTC 
openSUSE-SU-2021:0482-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1173910,1174712,1182882
CVE References: CVE-2020-14928,CVE-2020-16117
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    evolution-data-server-3.34.4-lp152.2.3.1, evolution-ews-3.34.4-lp152.2.3.1
Comment 7 Wolfgang Frisch 2021-04-12 14:23:42 UTC 
Released.
First Last Prev Next    This bug is not in your last search results.