What Are You Looking For?

Sign Up
   openSUSE Security Update: Security update for enigmail
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:1706-1
Rating:             moderate
References:         #1096745 #1097525 
Cross-References:   CVE-2018-12019 CVE-2018-12020
Affected Products:
                    SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for enigmail fixes vulnerabilities that allowed spoofing of
   e-mail signatures:

   - CVE-2018-12019: signature spoofing via specially crafted OpenPGP user
     IDs (boo#1097525)
   - CVE-2018-12020: signature spoofing via diagnostic output of the original
     file name in GnuPG verbose mode (boo#1096745) This mitigation prevents
     CVE-2018-12020 from being exploited even if GnuPG is not patched.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Package Hub for SUSE Linux Enterprise 12:

      zypper in -t patch openSUSE-2018-630=1



Package List:

   - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

      enigmail-2.0.7-18.1


References:

   https://www.suse.com/security/cve/CVE-2018-12019.html
   https://www.suse.com/security/cve/CVE-2018-12020.html
   https://bugzilla.suse.com/1096745
   https://bugzilla.suse.com/1097525

--

openSUSE: 2018:1706-1: moderate: enigmail

June 15, 2018
An update that fixes two vulnerabilities is now available.

Description

This update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures: - CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs (boo#1097525) - CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode (boo#1096745) This mitigation prevents CVE-2018-12020 from being exploited even if GnuPG is not patched.

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2018-630=1


Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): enigmail-2.0.7-18.1


References

https://www.suse.com/security/cve/CVE-2018-12019.html https://www.suse.com/security/cve/CVE-2018-12020.html https://bugzilla.suse.com/1096745 https://bugzilla.suse.com/1097525--


Severity
Announcement ID: openSUSE-SU-2018:1706-1
Rating: moderate
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo