important: wpa_supplicant/evolution-data-server security update
important
An update for wpa_supplicant/evolution-data-server is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
wpa_supplicant: This package provides debug sources for package wpa_supplicant. Debug sources are useful when developing applications that use this package or when debugging this package.
evolution-data-server: This package contains supplemental utilities for evolution-data-server that require Perl.
Security Fix(es):
wpa_supplicant: A flaw was found in the wpa_supplicant, in the way it processes P2P (Wi-Fi Direct) provision discovery requests. This flaw allows an attacker who is within radio range of the device running P2P discovery to cause termination of the wpa_supplicant process or potentially cause code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-27803)
wpa_supplicant: bugfix
evolution-data-server: (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."(CVE-2020-14928)
evolution-data-server: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.60B5.