CVE-2009-0547

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-0547 at MITRE

Description

Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 475108

SUSE Security Advisories:

SUSE-SR:2010:006, published Mon, 15 Mar 2010 11:11:00 +0000
SUSE-SR:2010:011, published Mon, 10 May 2010 14:00:00 +0000
SUSE-SR:2010:012, published Tue, 25 May 2010 12:00:00 +0000
openSUSE-SU-2010:0216-1, published Wed, 5 May 2010 13:08:11 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 11.0	`evolution-data-server-debuginfo >= 2.22.1.1-11.6` `evolution-data-server-debugsource >= 2.22.1.1-11.6`
openSUSE 11.0	`evolution-data-server >= 2.22.1.1-11.6` `evolution-data-server-32bit >= 2.22.1.1-11.6` `evolution-data-server-64bit >= 2.22.1.1-11.6` `evolution-data-server-devel >= 2.22.1.1-11.6` `evolution-data-server-doc >= 2.22.1.1-11.6`
SUSE Linux Enterprise 11 GA DEBUGINFO	`evolution-data-server-debuginfo >= 2.24.1.1-11.12.1` `evolution-data-server-debugsource >= 2.24.1.1-11.12.1`	sle11-debuginfo.x86-64 sle11-debuginfo.x86 sle11-sdk.s390x sle11-debuginfo.s390x sles11.x86-64 sles11.ppc sled11.x86 sle11-sdk.x86-64 sled11.x86-64 sles11.ia64 sle11-sdk.x86 sle11-debuginfo.ppc sle11-sdk.ia64 sles11.x86 sle11-debuginfo.ia64 sle11-sdk.ppc sles11.s390x SAT Patch Nr: 1944
SUSE Linux Enterprise 11 GA DEBUGINFO	`evolution-data-server-debuginfo >= 2.24.1.1-11.12.1` `evolution-data-server-debuginfo-x86 >= 2.24.1.1-11.12.1` `evolution-data-server-debugsource >= 2.24.1.1-11.12.1`	sle11-debuginfo.x86-64 sle11-debuginfo.x86 sle11-sdk.s390x sle11-debuginfo.s390x sles11.x86-64 sles11.ppc sled11.x86 sle11-sdk.x86-64 sled11.x86-64 sles11.ia64 sle11-sdk.x86 sle11-debuginfo.ppc sle11-sdk.ia64 sles11.x86 sle11-debuginfo.ia64 sle11-sdk.ppc sles11.s390x SAT Patch Nr: 1944
SUSE Linux Enterprise 11 GA DEBUGINFO	`evolution-data-server-debuginfo >= 2.24.1.1-11.12.1` `evolution-data-server-debuginfo-32bit >= 2.24.1.1-11.12.1` `evolution-data-server-debugsource >= 2.24.1.1-11.12.1`	sle11-debuginfo.x86-64 sle11-debuginfo.x86 sle11-sdk.s390x sle11-debuginfo.s390x sles11.x86-64 sles11.ppc sled11.x86 sle11-sdk.x86-64 sled11.x86-64 sles11.ia64 sle11-sdk.x86 sle11-debuginfo.ppc sle11-sdk.ia64 sles11.x86 sle11-debuginfo.ia64 sle11-sdk.ppc sles11.s390x SAT Patch Nr: 1944
SUSE Linux Enterprise SDK 11 GA	`evolution-data-server-devel >= 2.24.1.1-11.12.1`	sle11-debuginfo.x86-64 sle11-debuginfo.x86 sle11-sdk.s390x sle11-debuginfo.s390x sles11.x86-64 sles11.ppc sled11.x86 sle11-sdk.x86-64 sled11.x86-64 sles11.ia64 sle11-sdk.x86 sle11-debuginfo.ppc sle11-sdk.ia64 sles11.x86 sle11-debuginfo.ia64 sle11-sdk.ppc sles11.s390x SAT Patch Nr: 1944
SUSE Linux Enterprise Desktop 11 GA SUSE Linux Enterprise Server 11 GA	`evolution-data-server >= 2.24.1.1-11.12.1` `evolution-data-server-lang >= 2.24.1.1-11.12.1`	sle11-debuginfo.x86-64 sle11-debuginfo.x86 sle11-sdk.s390x sle11-debuginfo.s390x sles11.x86-64 sles11.ppc sled11.x86 sle11-sdk.x86-64 sled11.x86-64 sles11.ia64 sle11-sdk.x86 sle11-debuginfo.ppc sle11-sdk.ia64 sles11.x86 sle11-debuginfo.ia64 sle11-sdk.ppc sles11.s390x SAT Patch Nr: 1944
SUSE Linux Enterprise Server 11 GA	`evolution-data-server >= 2.24.1.1-11.12.1` `evolution-data-server-lang >= 2.24.1.1-11.12.1` `evolution-data-server-x86 >= 2.24.1.1-11.12.1`	sle11-debuginfo.x86-64 sle11-debuginfo.x86 sle11-sdk.s390x sle11-debuginfo.s390x sles11.x86-64 sles11.ppc sled11.x86 sle11-sdk.x86-64 sled11.x86-64 sles11.ia64 sle11-sdk.x86 sle11-debuginfo.ppc sle11-sdk.ia64 sles11.x86 sle11-debuginfo.ia64 sle11-sdk.ppc sles11.s390x SAT Patch Nr: 1944
SUSE Linux Enterprise Desktop 11 GA SUSE Linux Enterprise Server 11 GA	`evolution-data-server >= 2.24.1.1-11.12.1` `evolution-data-server-32bit >= 2.24.1.1-11.12.1` `evolution-data-server-lang >= 2.24.1.1-11.12.1`	sle11-debuginfo.x86-64 sle11-debuginfo.x86 sle11-sdk.s390x sle11-debuginfo.s390x sles11.x86-64 sles11.ppc sled11.x86 sle11-sdk.x86-64 sled11.x86-64 sles11.ia64 sle11-sdk.x86 sle11-debuginfo.ppc sle11-sdk.ia64 sles11.x86 sle11-debuginfo.ia64 sle11-sdk.ppc sles11.s390x SAT Patch Nr: 1944
SUSE Linux Enterprise Desktop 10 SP3 for x86 SUSE Linux Enterprise Server 10 SP3	`evolution-data-server >= 1.6.0-43.92.1` `evolution-data-server-devel >= 1.6.0-43.92.1`	sles10-sp3.ppc sles10-sp3.ia64 sles10-sp3-debuginfo.ppc sles10-sp3-debuginfo.x86-64 sled10-sp3.x86-64 sles10-sp3-debuginfo.x86 sles10-sp3.x86-64 sled10-sp3.x86 sles10-sp3-debuginfo.ia64 sles10-sp3.s390x sles10-sp3.x86 sles10-sp3-debuginfo.s390x ZYPP Patch Nr: 7029
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3	`evolution-data-server >= 1.6.0-43.92.1` `evolution-data-server-32bit >= 1.6.0-43.92.1` `evolution-data-server-devel >= 1.6.0-43.92.1`	sles10-sp3.ppc sles10-sp3.ia64 sles10-sp3-debuginfo.ppc sles10-sp3-debuginfo.x86-64 sled10-sp3.x86-64 sles10-sp3-debuginfo.x86 sles10-sp3.x86-64 sled10-sp3.x86 sles10-sp3-debuginfo.ia64 sles10-sp3.s390x sles10-sp3.x86 sles10-sp3-debuginfo.s390x ZYPP Patch Nr: 7029
SUSE Linux Enterprise Server 10 SP3 DEBUGINFO	`evolution-data-server-debuginfo >= 1.6.0-43.92.1`	sles10-sp3.ppc sles10-sp3.ia64 sles10-sp3-debuginfo.ppc sles10-sp3-debuginfo.x86-64 sled10-sp3.x86-64 sles10-sp3-debuginfo.x86 sles10-sp3.x86-64 sled10-sp3.x86 sles10-sp3-debuginfo.ia64 sles10-sp3.s390x sles10-sp3.x86 sles10-sp3-debuginfo.s390x ZYPP Patch Nr: 7029
SUSE Linux Enterprise Server 10 SP3	`evolution-data-server >= 1.6.0-43.92.1` `evolution-data-server-devel >= 1.6.0-43.92.1` `evolution-data-server-x86 >= 1.6.0-43.92.1`	sles10-sp3.ppc sles10-sp3.ia64 sles10-sp3-debuginfo.ppc sles10-sp3-debuginfo.x86-64 sled10-sp3.x86-64 sles10-sp3-debuginfo.x86 sles10-sp3.x86-64 sled10-sp3.x86 sles10-sp3-debuginfo.ia64 sles10-sp3.s390x sles10-sp3.x86 sles10-sp3-debuginfo.s390x ZYPP Patch Nr: 7029
SUSE Linux Enterprise Server 10 SP3	`evolution-data-server >= 1.6.0-43.92.1` `evolution-data-server-64bit >= 1.6.0-43.92.1` `evolution-data-server-devel >= 1.6.0-43.92.1`	sles10-sp3.ppc sles10-sp3.ia64 sles10-sp3-debuginfo.ppc sles10-sp3-debuginfo.x86-64 sled10-sp3.x86-64 sles10-sp3-debuginfo.x86 sles10-sp3.x86-64 sled10-sp3.x86 sles10-sp3-debuginfo.ia64 sles10-sp3.s390x sles10-sp3.x86 sles10-sp3-debuginfo.s390x ZYPP Patch Nr: 7029

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy