MGASA-2020-0390 - Updated geary package fixes a security vulnerability Publication date: 21 Oct 2020 URL: https://advisories.mageia.org/MGASA-2020-0390.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-24661 GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail. (CVE-2020-24661) References: - https://bugs.mageia.org/show_bug.cgi?id=27242 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NS6CSTOBVO5HSAR3X5CT6DS6QDHXDB26/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24661 SRPMS: - 7/core/geary-3.32.1-1.1.mga7
Mageia 2020-0390: geary security update
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client ...
Summary
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for
IMAP and SMTP services using invalid TLS certificates (e.g., self-signed
certificates) when the client system is not configured to use a system-provided
PKCS#11 store. This allows a meddler in the middle to present a different
invalid certificate to intercept incoming and outgoing mail. (CVE-2020-24661)
References
- https://bugs.mageia.org/show_bug.cgi?id=27242
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NS6CSTOBVO5HSAR3X5CT6DS6QDHXDB26/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24661
Resolution
MGASA-2020-0390 - Updated geary package fixes a security vulnerability
SRPMS
- 7/core/geary-3.32.1-1.1.mga7
Severity
Publication date: 21 Oct 2020
URL: https://advisories.mageia.org/MGASA-2020-0390.html
Type: security
CVE: CVE-2020-24661
News
HOWTOs
Features
About Us
Powered By
