Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Ubuntu 12.04 LTS: USN-1512-1 Moderate: KDE PIM JavaScript Exploit

Calendar Jul 19, 2012 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate kdepim ubuntu email exploit javascript issue
KDE PIM could be made to execute JavaScript if it opened a specially crafted email. 
=========================================================================Ubuntu Security Notice USN-1512-1
July 19, 2012

kdepim vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10

Summary:

KDE PIM could be made to execute JavaScript if it opened a specially
crafted email.

Software Description:
- kdepim: Personal Information Management apps

Details:

It was discovered that KDE PIM html renderer incorrectly enabled
JavaScript, Java and Plugins. A remote attacker could use this flaw to send
an email with embedded JavaScript that possibly executes when opened.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  kdepim                          4:4.8.4a-0ubuntu0.3

Ubuntu 11.10:
  kdepim                          4:4.7.4+git111222-0ubuntu0.3

After a standard system update you need to restart your session to make all
the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1512-1
  CVE-2012-3413

Package Information:
  https://launchpad.net/ubuntu/+source/kdepim/4:4.8.4a-0ubuntu0.3
  https://launchpad.net/ubuntu/+source/kdepim/4:4.7.4+git111222-0ubuntu0.3

Ubuntu 12.04 LTS: USN-1512-1 Moderate: KDE PIM JavaScript Exploit

ubuntu
Calendar Grey July 19, 2012
Dist Ubuntu Esm H88
New KDE PIM flaw in Ubuntu enables JavaScript execution through specially designed emails. Security update advised for user protection.
KDE PIM could be made to execute JavaScript if it opened a specially crafted email.

Summary

Topics%20covered

Topics Covered

security advisory moderate kdepim ubuntu email exploit javascript issue

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: kdepim 4:4.8.4a-0ubuntu0.3 Ubuntu 11.10: kdepim 4:4.7.4+git111222-0ubuntu0.3 After a standard system update you need to restart your session to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1512-1

CVE-2012-3413

Severity
important
Lowest
Low
Medium
High
Critical

July 19, 2012

Topics%20covered

Topics Covered

security advisory moderate kdepim ubuntu email exploit javascript issue

Package Information

https://launchpad.net/ubuntu/+source/kdepim/4:4.8.4a-0ubuntu0.3 https://launchpad.net/ubuntu/+source/kdepim/4:4.7.4+git111222-0ubuntu0.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here