Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6876-1

Ubuntu Security Notice 6876-1 - It was discovered that Kopano Core allowed out-of-bounds access. An attacker could use this issue to expose private information. This issue only affected Ubuntu 18.04 LTS. It was discovered that Kopano Core allowed possible authentication with expired passwords. An attacker could use this issue to bypass authentication.

Packet Storm
#vulnerability#ubuntu#php#auth

==========================================================================
Ubuntu Security Notice USN-6876-1
July 04, 2024

kopanocore vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Kopano Core.

Software Description:

  • kopanocore: Complete and feature rich groupware solution

Details:

It was discovered that Kopano Core allowed out-of-bounds access. An
attacker could use this issue to expose private information. This issue
only affected Ubuntu 18.04 LTS. (CVE-2019-19907)

It was discovered that Kopano Core allowed possible authentication
with expired passwords. An attacker could use this issue to bypass
authentication. (CVE-2022-26562)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
kopano-archiver 8.7.0-7.1ubuntu10.1
kopano-contacts 8.7.0-7.1ubuntu10.1
kopano-dagent 8.7.0-7.1ubuntu10.1
kopano-gateway 8.7.0-7.1ubuntu10.1
kopano-ical 8.7.0-7.1ubuntu10.1
kopano-libs 8.7.0-7.1ubuntu10.1
kopano-monitor 8.7.0-7.1ubuntu10.1
kopano-server 8.7.0-7.1ubuntu10.1
kopano-spooler 8.7.0-7.1ubuntu10.1
kopano-utils 8.7.0-7.1ubuntu10.1
php-mapi 8.7.0-7.1ubuntu10.1
python3-mapi 8.7.0-7.1ubuntu10.1

Ubuntu 20.04 LTS
kopano-archiver 8.7.0-7ubuntu1.1
kopano-contacts 8.7.0-7ubuntu1.1
kopano-dagent 8.7.0-7ubuntu1.1
kopano-gateway 8.7.0-7ubuntu1.1
kopano-ical 8.7.0-7ubuntu1.1
kopano-libs 8.7.0-7ubuntu1.1
kopano-monitor 8.7.0-7ubuntu1.1
kopano-server 8.7.0-7ubuntu1.1
kopano-spooler 8.7.0-7ubuntu1.1
kopano-utils 8.7.0-7ubuntu1.1
php-mapi 8.7.0-7ubuntu1.1
python3-mapi 8.7.0-7ubuntu1.1

Ubuntu 18.04 LTS
kopano-archiver 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-contacts 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-dagent 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-gateway 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-ical 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-libs 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-monitor 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-server 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-spooler 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
kopano-utils 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
php-mapi 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro
python-mapi 8.5.5-0ubuntu1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6876-1
https://ubuntu.com/security/notices/USN-6876-1
CVE-2019-19907, CVE-2022-26562

Package Information:
https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7.1ubuntu10.1
https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7.1ubuntu10.1
https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7ubuntu1.1
https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7ubuntu1.1

Related news

CVE-2022-26562: Kopano

An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired.

CVE-2019-19907: Kopano

HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution