Advisories » MGAA-2014-0210

Updated evolution-data-server packages fix connections to non SSLv3 servers

Publication date: 05 Dec 2014
Modification date: 05 Dec 2014
Type: bugfix
Affected Mageia releases : 4

Description

Updated evolution-data-server packages fix connections to non SSLv3 servers

Evolution in the default configuration is not able to use TLSv1 or higher 
for SSL connections - it only allows SSLv3 connections. When TLS is enabled 
in Evolution, it requires the server to support STARTTLS, which is not 
offered by all servers.

Hence Evolution will fail on all servers where SSLv3 has been disabled 
after the recent POODLE vulnerability. This is mainly an issue for connecting
to IMAP servers, but may also apply to POP3 or SMTP servers.

The update corrects this issue.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14425
• https://bugzilla.redhat.com/show_bug.cgi?id=1153052
• http://pkgs.fedoraproject.org/cgit/evolution-data-server.git/commit/?h=f19&id=0b1a3991e3afc6ff60bbcbb75ea3e3d8fdf16829
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765838

SRPMS

4/core

• evolution-data-server-3.10.2-1.2.mga4