
Debian 11: DLA-4196-1 critical: kmail-account-wizard security issue

Debian LTS
May 30, 2025
This KMail account wizard update mitigates the risk of interception (man-in-the-middle) while account settings are being retrieved. Updating is strongly recommended.

Summary

An issue has been found in kmail-account-wizard, a wizard for KDE PIM
applications account setup.
The issue is a man-in-the-middle attack when using autoconf to
retrieve configuration.
Please also note that for configuration with autoconf.example.com, the
config is first fetched with HTTPS, and the former HTTP is used only as
a fallback. For configuration via example.com/.well-known/autoconfig, the
config is now fetched only with HTTPS.
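
An added detection example, not part of the Debian advisory or the KDE code: it flags cleartext autoconfig fetches in proxy logs, separating the HTTP fallback for autoconf.example.com (still possible after the fix) from HTTP requests to /.well-known/autoconfig (not expected from the fixed version). The log format, the sample lines, the /mail/config-v1.1.xml path and the extra "autoconfig" host label are assumptions.

```python
from urllib.parse import urlsplit

# Constructed proxy log lines (timestamp, client, method, URL, status); not real traffic.
SAMPLE_LOG = """\
2025-05-30T09:00:01Z 10.0.0.5 GET https://autoconf.example.com/mail/config-v1.1.xml 404
2025-05-30T09:00:02Z 10.0.0.5 GET http://autoconf.example.com/mail/config-v1.1.xml 200
2025-05-30T09:00:07Z 10.0.0.9 GET http://example.com/.well-known/autoconfig/mail/config-v1.1.xml 200
2025-05-30T09:00:09Z 10.0.0.7 GET https://example.com/.well-known/autoconfig/mail/config-v1.1.xml 200
2025-05-30T09:00:11Z 10.0.0.7 GET http://example.com/index.html 200
"""

# "autoconf" is the host label used in the advisory; "autoconfig" is an added assumption.
AUTOCONF_LABELS = {"autoconf", "autoconfig"}
WELL_KNOWN_PREFIX = "/.well-known/autoconfig"


def classify(url):
    """Return a finding name for a cleartext autoconfig fetch, else None."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "http":
        return None  # HTTPS fetches are the expected path
    host = (parts.hostname or "").lower()
    if parts.path.lower().startswith(WELL_KNOWN_PREFIX):
        # Per the advisory, the fixed version fetches this location only with HTTPS.
        return "cleartext-well-known"
    if host.split(".")[0] in AUTOCONF_LABELS:
        # HTTP fallback remains after the fix and is exposed to interception.
        return "cleartext-fallback"
    return None


def scan(log_text):
    """Return (client, finding, url) for every flagged line in the log text."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or malformed lines
        _ts, client, _method, url, _status = fields[:5]
        finding = classify(url)
        if finding:
            findings.append((client, finding, url))
    return findings


if __name__ == "__main__":
    for client, finding, url in scan(SAMPLE_LOG):
        print(f"{client}\t{finding}\t{url}")
```

Clients reported as cleartext-well-known are candidates for a package version check; cleartext-fallback hits show where configuration was still retrieved over HTTP.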


For Debian 11 bullseye, this problem has been fixed in version
4:20.08.3-1+deb11u1.

We recommend that you upgrade your kmail-account-wizard packages.

For the detailed security status of kmail-account-wizard please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/kmail-account-wizard

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
critical

Package: kmail-account-wizard
Version: 4:20.08.3-1+deb11u1
CVE ID: CVE-2024-50624
