USN-1547-1: libGData, evolution-data-server vulnerability

Ubuntu Security Notice USN-1547-1

28th August, 2012

libgdata, evolution-data-server vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04 LTS

Summary

Applications using GData services could be made to expose sensitive information over the network.

Software description

  • evolution-data-server - Evolution suite data server
  • libgdata - Library to access GData services

Details

Vreixo Formoso discovered that the libGData library, as used
by Evolution and other applications, did not properly verify SSL
certificates. A remote attacker could exploit this to perform a man
in the middle attack to view sensitive information or alter data
transmitted via the GData protocol.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
libgdata13 0.9.1-0ubuntu2.1
Ubuntu 11.04:
libgdata11 0.8.0-0ubuntu1.1
Ubuntu 10.04 LTS:
libgdata1.2-1 2.28.3.1-0ubuntu6.1
libgdata-google1.2-1 2.28.3.1-0ubuntu6.1
libgdata6 0.5.2-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-1177