Back

Vulnerability in Evolution Data Server Allows File Deletion in Ubuntu Systems

Severity: Medium (Score: 45.8)

Sources: Ubuntu, Linuxsecurity

Published: 2026-06-01 · Updated: 2026-06-01

Keywords: ubuntu, evolution, data, server, vulnerability, update, file

Severity indicators: vulnerability

Summary

A vulnerability has been identified in Evolution Data Server affecting Ubuntu 18.04 LTS and 20.04 LTS. The flaw allows an attacker to exploit the software's handling of local cache files, potentially leading to the deletion of arbitrary files. This issue was addressed in the recent USN-8055-2 update, which follows the earlier USN-8055-1 advisory. Users are advised to update their systems to the latest package versions to mitigate this risk. The specific versions impacted include evolution-data-server 3.36.5-0ubuntu1+esm1 for Ubuntu 20.04 LTS and 3.28.5-0ubuntu0.18.04.3+esm1 for Ubuntu 18.04 LTS. A session restart is required post-update to apply the changes. This vulnerability highlights the importance of regular system updates to maintain security. Key Points: • Evolution Data Server vulnerability allows arbitrary file deletion on affected Ubuntu systems. • Impacted versions include Ubuntu 18.04 LTS and 20.04 LTS with specific package versions. • Users must update their systems and restart sessions to apply the necessary security changes.

Detailed Analysis

**Impact** Ubuntu 18.04 LTS and 20.04 LTS users are affected, including derivatives of these distributions. The vulnerability allows an attacker to cause Evolution Data Server to remove arbitrary files, potentially leading to data loss or disruption of local cache-dependent applications. No specific sectors, geographies, or numbers of affected systems are provided. Business operations relying on Evolution Data Server for data management may experience file deletion incidents impacting service availability or data integrity. **Technical Details** The vulnerability arises from incorrect handling of local cache file removal by Evolution Data Server. Exploitation enables arbitrary file deletion, likely through local or remote attacker manipulation of the file removal process. No CVE identifier or malware/tools are mentioned. The kill chain stage corresponds to the action on objectives phase, specifically data destruction. No indicators of compromise (IOCs) are provided in the available sources. **Recommended Response** Apply the security updates USN-8055-2 for Ubuntu 18.04 LTS (evolution-data-server 3.28.5-0ubuntu0.18.04.3+esm1) and Ubuntu 20.04 LTS (evolution-data-server 3.36.5-0ubuntu1+esm1) immediately. After patching, users must restart their sessions to complete the update process. Monitor for unusual file deletion activity related to Evolution Data Server processes. No additional detection signatures or configuration changes are specified in the advisories.

Source articles (2)

  • USN-8055-2: Evolution Data Server vulnerability — Ubuntu · 2026-06-01
    USN-8055-1 fixed a vulnerability in Evolution Data Server. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Ev…
  • Ubuntu Evolution Data Server Key File Deletion Vulnerability USN-8055 — Linuxsecurity · 2026-06-01
    A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Evolution Data Server could be made to remove files. Software Description: - evolu…

Timeline

  • 2026-06-01 — USN-8055-2 update released: Ubuntu released an update to address a vulnerability in Evolution Data Server affecting versions 18.04 and 20.04 LTS.
  • 2026-06-01 — Vulnerability discovered: It was found that Evolution Data Server mishandled local cache file deletions, allowing potential file removal by attackers.

Related entities

  • Ubuntu (Company)
  • Evolution Data Server Key File Deletion Vulnerability (Vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed