Ubuntu Security Notice USN-1547-1
28th August, 2012
libgdata, evolution-data-server vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Applications using GData services could be made to expose sensitive information over the network.
- evolution-data-server - Evolution suite data server
- libgdata - Library to access GData services
Vreixo Formoso discovered that the libGData library, as used
by Evolution and other applications, did not properly verify SSL
certificates. A remote attacker could exploit this to perform a man
in the middle attack to view sensitive information or alter data
transmitted via the GData protocol.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 11.10:
- libgdata13 0.9.1-0ubuntu2.1
- Ubuntu 11.04:
- libgdata11 0.8.0-0ubuntu1.1
- Ubuntu 10.04 LTS:
- libgdata1.2-1 22.214.171.124-0ubuntu6.1
- libgdata-google1.2-1 126.96.36.199-0ubuntu6.1
- libgdata6 0.5.2-0ubuntu1.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.