CVE-2018-15587 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 76%

Affected Products (NVD)

Vendor	Product	Version
gnome	evolution	𝑥 ≤ 3.28.2
debian	debian_linux	8.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

evolution

bookworm	3.46.4-2 fixed
bullseye	3.38.3-1+deb11u2 fixed
bullseye (security)	3.38.3-1+deb11u2 fixed
sid	3.54.1-1 fixed
trixie	3.54.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

evolution

bionic	needed
cosmic	ignored
disco	Fixed 3.31.90-1 released
eoan	Fixed 3.31.90-1 released
focal	Fixed 3.31.90-1 released
groovy	Fixed 3.31.90-1 released
hirsute	Fixed 3.31.90-1 released
impish	Fixed 3.31.90-1 released
jammy	Fixed 3.31.90-1 released
kinetic	Fixed 3.31.90-1 released
lunar	Fixed 3.31.90-1 released
mantic	Fixed 3.31.90-1 released
noble	Fixed 3.31.90-1 released
trusty	dne
xenial	needed

evolution-data-server

bionic	Fixed 3.28.5-0ubuntu0.18.04.2 released
cosmic	Fixed 3.30.5-0ubuntu0.18.10.1 released
disco	Fixed 3.31.90-1 released
eoan	Fixed 3.31.90-1 released
focal	Fixed 3.31.90-1 released
groovy	Fixed 3.31.90-1 released
hirsute	Fixed 3.31.90-1 released
impish	Fixed 3.31.90-1 released
jammy	Fixed 3.31.90-1 released
kinetic	Fixed 3.31.90-1 released
lunar	Fixed 3.31.90-1 released
mantic	Fixed 3.31.90-1 released
noble	Fixed 3.31.90-1 released
trusty	dne
xenial	Fixed 3.18.5-1ubuntu1.2 released

openSUSE / SLES Releases

openSUSE Product

Release

evolution

suse enterprise desktop 12 SP3	3.22.6-19.9.1 fixed
suse enterprise desktop 12 SP4	3.22.6-19.9.1 fixed
suse enterprise desktop 15	3.26.6-4.3.1 fixed
suse enterprise desktop 15 SP1	3.26.6-4.3.1 fixed
suse enterprise desktop 15 SP2	3.34.4-1.49 fixed
suse enterprise desktop 15 SP3	3.34.4-1.49 fixed
suse enterprise desktop 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise sap 12 SP3	3.22.6-19.9.1 fixed
suse enterprise sap 12 SP4	3.22.6-19.9.1 fixed
suse enterprise sap 12 SP5	3.22.6-19.9.1 fixed
suse enterprise sap 15	3.26.6-4.3.1 fixed
suse enterprise sap 15 SP1	3.26.6-4.3.1 fixed
suse enterprise sap 15 SP2	3.34.4-1.49 fixed
suse enterprise sap 15 SP3	3.34.4-1.49 fixed
suse enterprise sap 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise server 12 SP3	3.22.6-19.9.1 fixed
suse enterprise server 12 SP4	3.22.6-19.9.1 fixed
suse enterprise server 12 SP5	3.22.6-19.9.1 fixed
suse enterprise server 15	3.26.6-4.3.1 fixed
suse enterprise server 15 SP1	3.26.6-4.3.1 fixed
suse enterprise server 15 SP2	3.34.4-1.49 fixed
suse enterprise server 15 SP3	3.34.4-1.49 fixed
suse enterprise server 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise workstation 12 SP3	3.22.6-19.9.1 fixed
suse enterprise workstation 12 SP4	3.22.6-19.9.1 fixed
suse enterprise workstation 12 SP5	3.22.6-19.9.1 fixed
suse enterprise workstation 15	3.26.6-4.3.1 fixed
suse enterprise workstation 15 SP1	3.26.6-4.3.1 fixed
suse enterprise workstation 15 SP2	3.34.4-1.49 fixed
suse enterprise workstation 15 SP3	3.34.4-1.49 fixed
suse enterprise workstation 15 SP4	3.42.4-150400.1.10 fixed

evolution-devel

suse enterprise desktop 15	3.26.6-4.3.1 fixed
suse enterprise desktop 15 SP1	3.26.6-4.3.1 fixed
suse enterprise desktop 15 SP2	3.34.4-1.49 fixed
suse enterprise desktop 15 SP3	3.34.4-1.49 fixed
suse enterprise desktop 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise sap 15	3.26.6-4.3.1 fixed
suse enterprise sap 15 SP1	3.26.6-4.3.1 fixed
suse enterprise sap 15 SP2	3.34.4-1.49 fixed
suse enterprise sap 15 SP3	3.34.4-1.49 fixed
suse enterprise sap 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise server 15	3.26.6-4.3.1 fixed
suse enterprise server 15 SP1	3.26.6-4.3.1 fixed
suse enterprise server 15 SP2	3.34.4-1.49 fixed
suse enterprise server 15 SP3	3.34.4-1.49 fixed
suse enterprise server 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise workstation 15	3.26.6-4.3.1 fixed
suse enterprise workstation 15 SP1	3.26.6-4.3.1 fixed
suse enterprise workstation 15 SP2	3.34.4-1.49 fixed
suse enterprise workstation 15 SP3	3.34.4-1.49 fixed
suse enterprise workstation 15 SP4	3.42.4-150400.1.10 fixed

evolution-lang

suse enterprise desktop 12 SP3	3.22.6-19.9.1 fixed
suse enterprise desktop 12 SP4	3.22.6-19.9.1 fixed
suse enterprise desktop 15	3.26.6-4.3.1 fixed
suse enterprise desktop 15 SP1	3.26.6-4.3.1 fixed
suse enterprise desktop 15 SP2	3.34.4-1.49 fixed
suse enterprise desktop 15 SP3	3.34.4-1.49 fixed
suse enterprise desktop 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise sap 12 SP3	3.22.6-19.9.1 fixed
suse enterprise sap 12 SP4	3.22.6-19.9.1 fixed
suse enterprise sap 12 SP5	3.22.6-19.9.1 fixed
suse enterprise sap 15	3.26.6-4.3.1 fixed
suse enterprise sap 15 SP1	3.26.6-4.3.1 fixed
suse enterprise sap 15 SP2	3.34.4-1.49 fixed
suse enterprise sap 15 SP3	3.34.4-1.49 fixed
suse enterprise sap 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise server 12 SP3	3.22.6-19.9.1 fixed
suse enterprise server 12 SP4	3.22.6-19.9.1 fixed
suse enterprise server 12 SP5	3.22.6-19.9.1 fixed
suse enterprise server 15	3.26.6-4.3.1 fixed
suse enterprise server 15 SP1	3.26.6-4.3.1 fixed
suse enterprise server 15 SP2	3.34.4-1.49 fixed
suse enterprise server 15 SP3	3.34.4-1.49 fixed
suse enterprise server 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise workstation 12 SP3	3.22.6-19.9.1 fixed
suse enterprise workstation 12 SP4	3.22.6-19.9.1 fixed
suse enterprise workstation 12 SP5	3.22.6-19.9.1 fixed
suse enterprise workstation 15	3.26.6-4.3.1 fixed
suse enterprise workstation 15 SP1	3.26.6-4.3.1 fixed
suse enterprise workstation 15 SP2	3.34.4-1.49 fixed
suse enterprise workstation 15 SP3	3.34.4-1.49 fixed
suse enterprise workstation 15 SP4	3.42.4-150400.1.10 fixed

evolution-plugin-bogofilter

suse enterprise desktop 15	3.26.6-4.3.1 fixed
suse enterprise desktop 15 SP1	3.26.6-4.3.1 fixed
suse enterprise desktop 15 SP2	3.34.4-1.49 fixed
suse enterprise desktop 15 SP3	3.34.4-1.49 fixed
suse enterprise desktop 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise sap 15	3.26.6-4.3.1 fixed
suse enterprise sap 15 SP1	3.26.6-4.3.1 fixed
suse enterprise sap 15 SP2	3.34.4-1.49 fixed
suse enterprise sap 15 SP3	3.34.4-1.49 fixed
suse enterprise sap 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise server 15	3.26.6-4.3.1 fixed
suse enterprise server 15 SP1	3.26.6-4.3.1 fixed
suse enterprise server 15 SP2	3.34.4-1.49 fixed
suse enterprise server 15 SP3	3.34.4-1.49 fixed
suse enterprise server 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise workstation 15	3.26.6-4.3.1 fixed
suse enterprise workstation 15 SP1	3.26.6-4.3.1 fixed
suse enterprise workstation 15 SP2	3.34.4-1.49 fixed
suse enterprise workstation 15 SP3	3.34.4-1.49 fixed
suse enterprise workstation 15 SP4	3.42.4-150400.1.10 fixed

evolution-plugin-pst-import

suse enterprise desktop 15	3.26.6-4.3.1 fixed
suse enterprise desktop 15 SP1	3.26.6-4.3.1 fixed
suse enterprise desktop 15 SP2	3.34.4-1.49 fixed
suse enterprise desktop 15 SP3	3.34.4-1.49 fixed
suse enterprise desktop 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise sap 15	3.26.6-4.3.1 fixed
suse enterprise sap 15 SP1	3.26.6-4.3.1 fixed
suse enterprise sap 15 SP2	3.34.4-1.49 fixed
suse enterprise sap 15 SP3	3.34.4-1.49 fixed
suse enterprise sap 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise server 15	3.26.6-4.3.1 fixed
suse enterprise server 15 SP1	3.26.6-4.3.1 fixed
suse enterprise server 15 SP2	3.34.4-1.49 fixed
suse enterprise server 15 SP3	3.34.4-1.49 fixed
suse enterprise server 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise workstation 15	3.26.6-4.3.1 fixed
suse enterprise workstation 15 SP1	3.26.6-4.3.1 fixed
suse enterprise workstation 15 SP2	3.34.4-1.49 fixed
suse enterprise workstation 15 SP3	3.34.4-1.49 fixed
suse enterprise workstation 15 SP4	3.42.4-150400.1.10 fixed

evolution-plugin-spamassassin

suse enterprise desktop 15	3.26.6-4.3.1 fixed
suse enterprise desktop 15 SP1	3.26.6-4.3.1 fixed
suse enterprise desktop 15 SP2	3.34.4-1.49 fixed
suse enterprise desktop 15 SP3	3.34.4-1.49 fixed
suse enterprise desktop 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise sap 15	3.26.6-4.3.1 fixed
suse enterprise sap 15 SP1	3.26.6-4.3.1 fixed
suse enterprise sap 15 SP2	3.34.4-1.49 fixed
suse enterprise sap 15 SP3	3.34.4-1.49 fixed
suse enterprise sap 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise server 15	3.26.6-4.3.1 fixed
suse enterprise server 15 SP1	3.26.6-4.3.1 fixed
suse enterprise server 15 SP2	3.34.4-1.49 fixed
suse enterprise server 15 SP3	3.34.4-1.49 fixed
suse enterprise server 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise workstation 15	3.26.6-4.3.1 fixed
suse enterprise workstation 15 SP1	3.26.6-4.3.1 fixed
suse enterprise workstation 15 SP2	3.34.4-1.49 fixed
suse enterprise workstation 15 SP3	3.34.4-1.49 fixed
suse enterprise workstation 15 SP4	3.42.4-150400.1.10 fixed

evolution-plugin-text-highlight

suse enterprise desktop 15 SP2	3.34.4-1.49 fixed
suse enterprise desktop 15 SP3	3.34.4-1.49 fixed
suse enterprise desktop 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise sap 15 SP2	3.34.4-1.49 fixed
suse enterprise sap 15 SP3	3.34.4-1.49 fixed
suse enterprise sap 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise server 15 SP2	3.34.4-1.49 fixed
suse enterprise server 15 SP3	3.34.4-1.49 fixed
suse enterprise server 15 SP4	3.42.4-150400.1.10 fixed
suse enterprise workstation 15 SP2	3.34.4-1.49 fixed
suse enterprise workstation 15 SP3	3.34.4-1.49 fixed
suse enterprise workstation 15 SP4	3.42.4-150400.1.10 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

atk

RHEL 7

0:2.28.1-2.el7

fixed

atk-devel

RHEL 7

0:2.28.1-2.el7

fixed

evolution

RHEL 7	0:3.28.5-8.el7 fixed
RHEL 8	0:3.28.5-12.el8 fixed

evolution-bogofilter

RHEL 7	0:3.28.5-8.el7 fixed
RHEL 8	0:3.28.5-12.el8 fixed

evolution-data-server

RHEL 7	0:3.28.5-4.el7 fixed
RHEL 8	0:3.28.5-13.el8 fixed

evolution-data-server-devel

RHEL 7	0:3.28.5-4.el7 fixed
RHEL 8	0:3.28.5-13.el8 fixed

evolution-data-server-doc

RHEL 7	0:3.28.5-4.el7 fixed
RHEL 8	0:3.28.5-13.el8 fixed

evolution-data-server-langpacks

RHEL 7	0:3.28.5-4.el7 fixed
RHEL 8	0:3.28.5-13.el8 fixed

evolution-data-server-perl

RHEL 7	0:3.28.5-4.el7 fixed
RHEL 8	0:3.28.5-13.el8 fixed

evolution-data-server-tests

RHEL 7	0:3.28.5-4.el7 fixed
RHEL 8	0:3.28.5-13.el8 fixed

evolution-devel

RHEL 7	0:3.28.5-8.el7 fixed
RHEL 8	0:3.28.5-12.el8 fixed

evolution-devel-docs

RHEL 7

0:3.28.5-8.el7

fixed

evolution-ews

RHEL 7	0:3.28.5-5.el7 fixed
RHEL 8	0:3.28.5-9.el8 fixed

evolution-ews-langpacks

RHEL 7	0:3.28.5-5.el7 fixed
RHEL 8	0:3.28.5-9.el8 fixed

evolution-help

RHEL 7	0:3.28.5-8.el7 fixed
RHEL 8	0:3.28.5-12.el8 fixed

evolution-langpacks

RHEL 7	0:3.28.5-8.el7 fixed
RHEL 8	0:3.28.5-12.el8 fixed

evolution-pst

RHEL 7	0:3.28.5-8.el7 fixed
RHEL 8	0:3.28.5-12.el8 fixed

evolution-spamassassin

RHEL 7	0:3.28.5-8.el7 fixed
RHEL 8	0:3.28.5-12.el8 fixed

Known Exploits!

Common Weakness Enumeration

CWE-347 - Improper Verification of Cryptographic Signature
The software does not verify, or incorrectly verifies, the cryptographic signature for data.

References

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00061.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00024.html

http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html

http://seclists.org/fulldisclosure/2019/Apr/38

http://www.openwall.com/lists/oss-security/2019/04/30/4

https://bugzilla.gnome.org/show_bug.cgi?id=796424

https://github.com/RUB-NDS/Johnny-You-Are-Fired

https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf

https://lists.debian.org/debian-lts-announce/2019/04/msg00027.html

https://seclists.org/bugtraq/2019/Jun/7

https://usn.ubuntu.com/3998-1/

https://www.debian.org/security/2019/dsa-4457

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00061.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00024.html

http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html

http://seclists.org/fulldisclosure/2019/Apr/38

http://www.openwall.com/lists/oss-security/2019/04/30/4

https://bugzilla.gnome.org/show_bug.cgi?id=796424

https://github.com/RUB-NDS/Johnny-You-Are-Fired

https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf

https://lists.debian.org/debian-lts-announce/2019/04/msg00027.html

https://seclists.org/bugtraq/2019/Jun/7

https://usn.ubuntu.com/3998-1/

https://www.debian.org/security/2019/dsa-4457