vulnerability
CentOS Linux: CVE-2020-14928: Low: evolution security and bug fix update (CESA-2020:4649)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | 2020-07-17 | 2020-11-05 | 2023-05-25 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
2020-07-17
Added
2020-11-05
Modified
2023-05-25
Description
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
Solution(s)
centos-upgrade-bogofiltercentos-upgrade-bogofilter-debuginfocentos-upgrade-bogofilter-debugsourcecentos-upgrade-evolutioncentos-upgrade-evolution-bogofiltercentos-upgrade-evolution-bogofilter-debuginfocentos-upgrade-evolution-data-servercentos-upgrade-evolution-data-server-debuginfocentos-upgrade-evolution-data-server-debugsourcecentos-upgrade-evolution-data-server-develcentos-upgrade-evolution-data-server-langpackscentos-upgrade-evolution-data-server-tests-debuginfocentos-upgrade-evolution-debuginfocentos-upgrade-evolution-debugsourcecentos-upgrade-evolution-helpcentos-upgrade-evolution-langpackscentos-upgrade-evolution-mapicentos-upgrade-evolution-mapi-debuginfocentos-upgrade-evolution-mapi-debugsourcecentos-upgrade-evolution-mapi-langpackscentos-upgrade-evolution-pstcentos-upgrade-evolution-pst-debuginfocentos-upgrade-evolution-spamassassincentos-upgrade-evolution-spamassassin-debuginfocentos-upgrade-openchangecentos-upgrade-openchange-client-debuginfocentos-upgrade-openchange-debuginfocentos-upgrade-openchange-debugsource
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.