Vulmon
Amazon Linux 2 Security Advisory: ALAS-2020-1475
Advisory Release Date: 2020-08-18 19:31 Pacific
Advisory Updated Date: 2020-08-25 00:00 Pacific
Severity:
Medium
References:
CVE-2019-3890
Issue Overview:
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. (CVE-2019-3890)
Affected Packages:
evolution-data-server, evolution-ews
Issue Correction:
Run yum update evolution-data-server to update your system.
Run yum update evolution-ews to update your system.
New Packages:
aarch64:
evolution-data-server-3.28.5-4.amzn2.0.1.aarch64
evolution-data-server-devel-3.28.5-4.amzn2.0.1.aarch64
evolution-data-server-perl-3.28.5-4.amzn2.0.1.aarch64
evolution-data-server-tests-3.28.5-4.amzn2.0.1.aarch64
evolution-data-server-debuginfo-3.28.5-4.amzn2.0.1.aarch64
evolution-ews-3.28.5-5.amzn2.aarch64
evolution-ews-debuginfo-3.28.5-5.amzn2.aarch64
i686:
evolution-data-server-3.28.5-4.amzn2.0.1.i686
evolution-data-server-devel-3.28.5-4.amzn2.0.1.i686
evolution-data-server-perl-3.28.5-4.amzn2.0.1.i686
evolution-data-server-tests-3.28.5-4.amzn2.0.1.i686
evolution-data-server-debuginfo-3.28.5-4.amzn2.0.1.i686
evolution-ews-3.28.5-5.amzn2.i686
evolution-ews-debuginfo-3.28.5-5.amzn2.i686
noarch:
evolution-data-server-langpacks-3.28.5-4.amzn2.0.1.noarch
evolution-data-server-doc-3.28.5-4.amzn2.0.1.noarch
evolution-ews-langpacks-3.28.5-5.amzn2.noarch
src:
evolution-data-server-3.28.5-4.amzn2.0.1.src
evolution-ews-3.28.5-5.amzn2.src
x86_64:
evolution-data-server-3.28.5-4.amzn2.0.1.x86_64
evolution-data-server-devel-3.28.5-4.amzn2.0.1.x86_64
evolution-data-server-perl-3.28.5-4.amzn2.0.1.x86_64
evolution-data-server-tests-3.28.5-4.amzn2.0.1.x86_64
evolution-data-server-debuginfo-3.28.5-4.amzn2.0.1.x86_64
evolution-ews-3.28.5-5.amzn2.x86_64
evolution-ews-debuginfo-3.28.5-5.amzn2.x86_64