Ubuntu alert USN-6876-1 (kopanocore)

From:
             
 
Chrisa Oikonomou <chrisa.oikonomou@canonical.com>
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-6876-1] Kopano Core vulnerabilities
Date:
             
 
Thu, 04 Jul 2024 19:40:10 +0300
Message-ID:
             
 
<bff750b9-ab01-4569-88e9-0d46eb8ba5fd@canonical.com>
==========================================================================
Ubuntu Security Notice USN-6876-1
July 04, 2024

kopanocore vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Kopano Core.

Software Description:
- kopanocore: Complete and feature rich groupware solution

Details:

It was discovered that Kopano Core allowed out-of-bounds access. An
attacker could use this issue to expose private information. This issue
only affected Ubuntu 18.04 LTS. (CVE-2019-19907)

It was discovered that Kopano Core allowed possible authentication
with expired passwords. An attacker could use this issue to bypass
authentication. (CVE-2022-26562)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   kopano-archiver                 8.7.0-7.1ubuntu10.1
   kopano-contacts                 8.7.0-7.1ubuntu10.1
   kopano-dagent                   8.7.0-7.1ubuntu10.1
   kopano-gateway                  8.7.0-7.1ubuntu10.1
   kopano-ical                     8.7.0-7.1ubuntu10.1
   kopano-libs                     8.7.0-7.1ubuntu10.1
   kopano-monitor                  8.7.0-7.1ubuntu10.1
   kopano-server                   8.7.0-7.1ubuntu10.1
   kopano-spooler                  8.7.0-7.1ubuntu10.1
   kopano-utils                    8.7.0-7.1ubuntu10.1
   php-mapi                        8.7.0-7.1ubuntu10.1
   python3-mapi                    8.7.0-7.1ubuntu10.1

Ubuntu 20.04 LTS
   kopano-archiver                 8.7.0-7ubuntu1.1
   kopano-contacts                 8.7.0-7ubuntu1.1
   kopano-dagent                   8.7.0-7ubuntu1.1
   kopano-gateway                  8.7.0-7ubuntu1.1
   kopano-ical                     8.7.0-7ubuntu1.1
   kopano-libs                     8.7.0-7ubuntu1.1
   kopano-monitor                  8.7.0-7ubuntu1.1
   kopano-server                   8.7.0-7ubuntu1.1
   kopano-spooler                  8.7.0-7ubuntu1.1
   kopano-utils                    8.7.0-7ubuntu1.1
   php-mapi                        8.7.0-7ubuntu1.1
   python3-mapi                    8.7.0-7ubuntu1.1

Ubuntu 18.04 LTS
   kopano-archiver                 8.5.5-0ubuntu1+esm1
                                   Available with Ubuntu Pro
   kopano-contacts                 8.5.5-0ubuntu1+esm1
                                   Available with Ubuntu Pro
   kopano-dagent                   8.5.5-0ubuntu1+esm1
                                   Available with Ubuntu Pro
   kopano-gateway                  8.5.5-0ubuntu1+esm1
                                   Available with Ubuntu Pro
   kopano-ical                     8.5.5-0ubuntu1+esm1
                                   Available with Ubuntu Pro
   kopano-libs                     8.5.5-0ubuntu1+esm1
                                   Available with Ubuntu Pro
   kopano-monitor                  8.5.5-0ubuntu1+esm1
                                   Available with Ubuntu Pro
   kopano-server                   8.5.5-0ubuntu1+esm1
                                   Available with Ubuntu Pro
   kopano-spooler                  8.5.5-0ubuntu1+esm1
                                   Available with Ubuntu Pro
   kopano-utils                    8.5.5-0ubuntu1+esm1
                                   Available with Ubuntu Pro
   php-mapi                        8.5.5-0ubuntu1+esm1
                                   Available with Ubuntu Pro
   python-mapi                     8.5.5-0ubuntu1+esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6876-1 
<https://ubuntu.com/security/notices/USN-6876-1>
   CVE-2019-19907, CVE-2022-26562

Package Information:
https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7.1... 
<https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7.1...>
https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7ub... 
<https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7ub...>


Attachment: None (type=text/html)
(elided)


Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEE26yozGlLvY8PLmS9C+du+fOjiEwFAmaG0GoFAwAAAAAACgkQC+du+fOjiEyL
0AwAqKgw0fpFakbG1G/GLP/jYGMir3Ii/voFPwRcbAN8g42uoSPz73sS/FCL2qlB0ApN528WmXBU
ufMV0sslJuJDiUZpYCB6AYP37qPV3ARAgN4sJ/+GUccMmRrsLCjHK78BlMVCRWfRf12If1jmRlwP
iK6/1VkXqdFhMcSZSJ0QLa2W6XKZPELQAUU3sg/BrTIWgqjBYlC8OEFtOPo1UoK1gLKSHE8ncF/B
clzLRbPGYqFVpQBZQ7wY0lolgcqi6Z144/1ZVXxU8BvUf+wtGAqVVXO3Nw3dQdzp4p/MINPpnvPj
Ht4s4gTR6xUpn7x3qgEOKK4mr+gLyg8BmFJIgb7qGs+xAYgwCkgtO7DKCOuoHbVWSC/YPChB2WbI
SKgwTDLdwtnz8zLQ6SqcHYyp9SFJnyd2sGGnSi2lohraY0SVxoRH+244cBVrivK+coAteUXpDj+R
84BBkoscwujEYDAFY1R+3BiDfQG6auDGUdRk0QlDxDekWSI+ozeCy7PA6FdW
=KSDG
-----END PGP SIGNATURE-----


Attachment: None (type=text/plain)