Linux Security
    Linux Security
    Linux Security

    Mageia 2020-0390: geary security update

    Date 21 Oct 2020
    194
    Posted By LinuxSecurity Advisories
    GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail. (CVE-2020-24661)
    MGASA-2020-0390 - Updated geary package fixes a security vulnerability
    
    Publication date: 21 Oct 2020
    URL: https://advisories.mageia.org/MGASA-2020-0390.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-24661
    
    GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for
    IMAP and SMTP services using invalid TLS certificates (e.g., self-signed
    certificates) when the client system is not configured to use a system-provided
    PKCS#11 store. This allows a meddler in the middle to present a different
    invalid certificate to intercept incoming and outgoing mail. (CVE-2020-24661)
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=27242
    - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/NS6CSTOBVO5HSAR3X5CT6DS6QDHXDB26/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24661
    
    SRPMS:
    - 7/core/geary-3.32.1-1.1.mga7
    

    Advisories

    LinuxSecurity Poll

    No results found.

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.