Mageia: 2020-0390 Moderate: Geary TLS Certificate Issue Interception

mageia
October 21, 2020

Summary

GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail. (CVE-2020-24661)
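A simplified model of the failure class the summary describes, as an added example that is not Geary's code: a pin that only records "invalid certificates are accepted for this server" lets a different invalid certificate through, while a pin bound to the certificate's fingerprint does not. `PinStore`, the host names and the certificate bytes are constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates; real code would use
# the bytes from ssl.SSLSocket.getpeercert(binary_form=True).
PINNED_CERT = b"constructed-self-signed-cert-for-mail.example.test"
OTHER_CERT = b"constructed-different-self-signed-cert"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a certificate's DER encoding."""
    return hashlib.sha256(der).hexdigest()


class PinStore:
    """Hypothetical pin store keyed by (host, port), one certificate each."""

    def __init__(self):
        self._pins = {}

    def pin(self, host, port, der):
        self._pins[(host.lower(), port)] = fingerprint(der)

    def accepts_loose(self, host, port, der):
        # Flawed model: a pin for the endpoint is treated as "invalid
        # certificates are fine here", so any certificate passes.
        return (host.lower(), port) in self._pins

    def accepts_strict(self, host, port, der):
        # Hardened: the presented certificate must be the pinned one.
        pinned = self._pins.get((host.lower(), port))
        if pinned is None:
            return False
        return hmac.compare_digest(pinned, fingerprint(der))


def demo():
    store = PinStore()
    store.pin("mail.example.test", 993, PINNED_CERT)
    return {
        "loose_other": store.accepts_loose("mail.example.test", 993, OTHER_CERT),
        "strict_same": store.accepts_strict("mail.example.test", 993, PINNED_CERT),
        "strict_other": store.accepts_strict("mail.example.test", 993, OTHER_CERT),
        "strict_unpinned": store.accepts_strict("smtp.example.test", 465, PINNED_CERT),
    }


if __name__ == "__main__":
    print(demo())
```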

References

- https://bugs.mageia.org/show_bug.cgi?id=27242

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NS6CSTOBVO5HSAR3X5CT6DS6QDHXDB26/

- https://www.cve.org/CVERecord?id=CVE-2020-24661

Resolution

SRPMS

- 7/core/geary-3.32.1-1.1.mga7

Severity
important

Publication date: 21 Oct 2020
URL: https://advisories.mageia.org/MGASA-2020-0390.html
Type: security
CVE: CVE-2020-24661
