Bug 1163375 - CVE-2014-3566 POODLE - Enable TLS for SSL Camel connections
Summary: CVE-2014-3566 POODLE - Enable TLS for SSL Camel connections
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: evolution-data-server
Version: 6.7
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Matthew Barnes
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-11-12 15:16 UTC by Milan Crha
Modified: 2015-07-22 05:59 UTC (History)
7 users (show)

Fixed In Version: evolution-data-server-2.32.3-22.el6
Doc Type: Bug Fix
Doc Text:
The Evolution client could not connect to a mail server using the Secure Sockets Layer (SSL) protocol when the server had SSL disabled due to the POODLE vulnerability. With this update, the Evolution Data Server has been modified to also connect using the Transport Layer Security (TLSv1) protocol, thus fixing this bug.
Clone Of:
Environment:
Last Closed: 2015-07-22 05:59:22 UTC


Attachments (Terms of Use)
eds patch (1.70 KB, patch)
2014-11-12 15:29 UTC, Milan Crha
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1264 normal SHIPPED_LIVE evolution-data-server bug fix update 2015-07-20 17:49:42 UTC

Description Milan Crha 2014-11-12 15:16:10 UTC
(Kind of a clone of bug #1153723.)

IMAP works fine, but NNTP, SMTP and POP3 are affected, which I missed.

> This comes from a Fedora bug #1153052, where is reported that Evolution
> cannot connect to mail (like IMAP) server using SSL when the server has
> the SSL disabled due to the CVE-2014-3566 POODLE (see bug #1152789 even
> this is not related to openssl as such).
>
> The fedora bug contains a fix which can be added into RHEL7 too and fix
> an error like:
>
>   Could not connect to 'server:993': Cannot communicate securely with peer:
>   no common encryption algorithm(s).

Comment 1 Milan Crha 2014-11-12 15:29:57 UTC
Created attachment 956783 [details]
eds patch

This fixes it.

Comment 4 George Reeke 2015-02-27 19:11:33 UTC
To the quality assurance people:
evolution-data-server-2.32.3-23.el6.x86_64.rpm
evolution-data-server-debuginfo-2.32.3-23.el6.x86_64.rpm
evolution-data-server-devel-2.32.3-23.el6.x86_64.rpm
were provided to me for testing in my RedHat 6.6 64-bit
environment where I have the standard distribution version
of evolution, currently evolution-2.32.3-34.el6.x86_64.
This is to let you know that the new version of
evolution-data-server resolved my problem with getting
POP email from a server that disabled SSLv3 and has
worked for a week now with no problems.  So apparently
the 64-bit version is also OK.
Thanks from an end user,
George Reeke

Comment 7 errata-xmlrpc 2015-07-22 05:59:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1264.html


Note You need to log in before you can comment on or make changes to this bug.