Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Ubuntu 12.04 LTS USN-3100-1 Moderate HTML Injection In KMail

Calendar Oct 12, 2016 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate ubuntu html injection kmail kdepimlibs
KMail could be made to run HTML if it opened a specially crafted email. 
=========================================================================Ubuntu Security Notice USN-3100-1
October 12, 2016

kdepimlibs vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

KMail could be made to run HTML if it opened a specially crafted email.

Software Description:
- kdepimlibs: the KDE PIM libraries

Details:

Roland Tapken discovered that the KDE-PIM Libraries incorrectly filtered
URLs. A remote attacker could use this issue to perform an HTML injection
attack in the KMail plain text viewer.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  libkpimutils4                   4:4.8.5-0ubuntu0.3

After a standard system update you need to restart KMail to make all the
necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3100-1
  CVE-2016-7966

Package Information:
  https://launchpad.net/ubuntu/+source/kdepimlibs/4:4.8.5-0ubuntu0.3

Ubuntu 12.04 LTS USN-3100-1 Moderate HTML Injection In KMail

ubuntu
Calendar Grey October 12, 2016
Dist Ubuntu Esm H88
KMail may be susceptible to manipulation through specially designed emails that execute HTML injections, impacting Ubuntu 12.04 LTS along with its derivatives.
KMail could be made to run HTML if it opened a specially crafted email.

Summary

Topics%20covered

Topics Covered

security advisory moderate ubuntu html injection kmail kdepimlibs

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libkpimutils4 4:4.8.5-0ubuntu0.3 After a standard system update you need to restart KMail to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3100-1

CVE-2016-7966

October 12, 2016

Topics%20covered

Topics Covered

security advisory moderate ubuntu html injection kmail kdepimlibs

Package Information

https://launchpad.net/ubuntu/+source/kdepimlibs/4:4.8.5-0ubuntu0.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here