安全公告详情

NS-SA-2021-0128

2021-09-24 00:31:58

简介

important: wpa_supplicant/evolution-data-server security update

严重级别

important

主题

An update for wpa_supplicant/evolution-data-server is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

wpa_supplicant: This package provides debug sources for package wpa_supplicant. Debug sources are useful when developing applications that use this package or when debugging this package.
evolution-data-server: This package contains supplemental utilities for evolution-data-server that require Perl.


Security Fix(es):
wpa_supplicant: A flaw was found in the wpa_supplicant, in the way it processes P2P (Wi-Fi Direct) provision discovery requests. This flaw allows an attacker who is within radio range of the device running P2P discovery to cause termination of the wpa_supplicant process or potentially cause code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-27803)
wpa_supplicant: bugfix
evolution-data-server: (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."(CVE-2020-14928)
evolution-data-server: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.60B5.

影响组件

  • wpa_supplicant
  • evolution-data-server

影响产品

  • CGSL MAIN 6.02

更新包

{"fix":[{"product":"CGSL MAIN 6.02","pkgs":[{"binary":["wpa_supplicant-2.9-2.el8_3.1.x86_64.rpm","wpa_supplicant-debugsource-2.9-2.el8_3.1.x86_64.rpm","wpa_supplicant-debuginfo-2.9-2.el8_3.1.x86_64.rpm"],"source":"wpa_supplicant-2.9-2.el8_3.1.src.rpm"},{"binary":["evolution-data-server-perl-3.28.5-14.el8.x86_64.rpm","evolution-data-server-debuginfo-3.28.5-14.el8.x86_64.rpm","evolution-data-server-doc-3.28.5-14.el8.noarch.rpm","evolution-data-server-tests-debuginfo-3.28.5-14.el8.x86_64.rpm","evolution-data-server-tests-3.28.5-14.el8.x86_64.rpm","evolution-data-server-debugsource-3.28.5-14.el8.x86_64.rpm","evolution-data-server-devel-3.28.5-14.el8.x86_64.rpm","evolution-data-server-3.28.5-14.el8.x86_64.rpm","evolution-data-server-langpacks-3.28.5-14.el8.noarch.rpm"],"source":"evolution-data-server-3.28.5-14.el8.src.rpm"}]}]}

CVE

参考