Ubuntu Security Notice USN-6876-1
Ubuntu Security Notice 6876-1 - It was discovered that Kopano Core allowed out-of-bounds access. An attacker could use this issue to expose private information. This issue only affected Ubuntu 18.04 LTS. It was discovered that Kopano Core allowed possible authentication with expired passwords. An attacker could use this issue to bypass authentication.
==========================================================================
Ubuntu Security Notice USN-6876-1
July 04, 2024
kopanocore vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Kopano Core.
Software Description:
- kopanocore: Complete and feature rich groupware solution
Details:
It was discovered that Kopano Core allowed out-of-bounds access. An
attacker could use this issue to expose private information. This issue
only affected Ubuntu 18.04 LTS. (CVE-2019-19907)
It was discovered that Kopano Core allowed possible authentication
with expired passwords. An attacker could use this issue to bypass
authentication. (CVE-2022-26562)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
kopano-archiver 8.7.0-7.1ubuntu10.1
kopano-contacts 8.7.0-7.1ubuntu10.1
kopano-dagent 8.7.0-7.1ubuntu10.1
kopano-gateway 8.7.0-7.1ubuntu10.1
kopano-ical 8.7.0-7.1ubuntu10.1
kopano-libs 8.7.0-7.1ubuntu10.1
kopano-monitor 8.7.0-7.1ubuntu10.1
kopano-server 8.7.0-7.1ubuntu10.1
kopano-spooler 8.7.0-7.1ubuntu10.1
kopano-utils 8.7.0-7.1ubuntu10.1
php-mapi 8.7.0-7.1ubuntu10.1
python3-mapi 8.7.0-7.1ubuntu10.1
Ubuntu 20.04 LTS
kopano-archiver 8.7.0-7ubuntu1.1
kopano-contacts 8.7.0-7ubuntu1.1
kopano-dagent 8.7.0-7ubuntu1.1
kopano-gateway 8.7.0-7ubuntu1.1
kopano-ical 8.7.0-7ubuntu1.1
kopano-libs 8.7.0-7ubuntu1.1
kopano-monitor 8.7.0-7ubuntu1.1
kopano-server 8.7.0-7ubuntu1.1
kopano-spooler 8.7.0-7ubuntu1.1
kopano-utils 8.7.0-7ubuntu1.1
php-mapi 8.7.0-7ubuntu1.1
python3-mapi 8.7.0-7ubuntu1.1
Ubuntu 18.04 LTS
kopano-archiver 8.5.5-0ubuntu1+esm1 (Available with Ubuntu Pro)
kopano-contacts 8.5.5-0ubuntu1+esm1 (Available with Ubuntu Pro)
kopano-dagent 8.5.5-0ubuntu1+esm1 (Available with Ubuntu Pro)
kopano-gateway 8.5.5-0ubuntu1+esm1 (Available with Ubuntu Pro)
kopano-ical 8.5.5-0ubuntu1+esm1 (Available with Ubuntu Pro)
kopano-libs 8.5.5-0ubuntu1+esm1 (Available with Ubuntu Pro)
kopano-monitor 8.5.5-0ubuntu1+esm1 (Available with Ubuntu Pro)
kopano-server 8.5.5-0ubuntu1+esm1 (Available with Ubuntu Pro)
kopano-spooler 8.5.5-0ubuntu1+esm1 (Available with Ubuntu Pro)
kopano-utils 8.5.5-0ubuntu1+esm1 (Available with Ubuntu Pro)
php-mapi 8.5.5-0ubuntu1+esm1 (Available with Ubuntu Pro)
python-mapi 8.5.5-0ubuntu1+esm1 (Available with Ubuntu Pro)
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6876-1
CVE-2019-19907, CVE-2022-26562
Package Information:
https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7.1ubuntu10.1
https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7ubuntu1.1
Related news
provider/libserver/ECKrbAuth.cpp in Kopano-Core v11.0.2.51 contains an issue that allows attackers to authenticate even if the user account or password is expired.
HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data.