========================================================================== Ubuntu Security Notice USN-4429-1 July 22, 2020 evolution-data-server vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Evolution Data Server could be made to expose sensitive information over the network. Software Description: - evolution-data-server: Evolution suite data server Details: It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: evolution-data-server 3.36.3-0ubuntu1.1 evolution-data-server-common 3.36.3-0ubuntu1.1 libcamel-1.2-62 3.36.3-0ubuntu1.1 libebackend-1.2-10 3.36.3-0ubuntu1.1 libedataserver-1.2-24 3.36.3-0ubuntu1.1 Ubuntu 18.04 LTS: evolution-data-server 3.28.5-0ubuntu0.18.04.3 evolution-data-server-common 3.28.5-0ubuntu0.18.04.3 libcamel-1.2-61 3.28.5-0ubuntu0.18.04.3 libebackend-1.2-10 3.28.5-0ubuntu0.18.04.3 libedataserver-1.2-23 3.28.5-0ubuntu0.18.04.3 Ubuntu 16.04 LTS: evolution-data-server 3.18.5-1ubuntu1.3 evolution-data-server-common 3.18.5-1ubuntu1.3 libcamel-1.2-54 3.18.5-1ubuntu1.3 libebackend-1.2-10 3.18.5-1ubuntu1.3 libedataserver-1.2-21 3.18.5-1ubuntu1.3 After a standard system update you need to restart your session to make all the necessary changes. References: https://usn.ubuntu.com/4429-1 CVE-2020-14928 Package Information: https://launchpad.net/ubuntu/+source/evolution-data-server/3.36.3-0ubuntu1.1 https://launchpad.net/ubuntu/+source/evolution-data-server/3.28.5-0ubuntu0.18.04.3 https://launchpad.net/ubuntu/+source/evolution-data-server/3.18.5-1ubuntu1.3