Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

Ubuntu 16.04: USN-7729-1 KDE PIM Critical Email Leak CVE-2024-50624

ubuntu
Calendar Grey September 3, 2025
Dist Ubuntu Esm H88
Critical security flaws rectified in KDE PIM for Ubuntu to safeguard email information leakage. Users are advised to perform updates immediately.
Several security issues were fixed in KDE PIM.

Summary

Several security issues were fixed in KDE PIM.

Software Description:

- kdepim: Personal Information Management apps

Details:

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising,

Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg

Schwenk discovered that the KMail application of KDE PIM could be made

to leak the plaintext of S/MIME encrypted emails when retrieving

external content in emails. Under certain configurations, if a user were

tricked into opening a specially crafted email, an attacker could

possibly use this issue to obtain the plaintext of an encrypted email.

This update mitigates the issue by preventing KMail from automatically

loading external content. (CVE-2017-17689)

Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel,

and Jörg Schwenk discovered that the KMail application of KDE PIM could

be made to leak the plaintext of S/MIME or PGP encrypted emails. If a

user were tricked into replying to a specially crafted email,...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  accountwizard                   4:15.12.3-0ubuntu1.1+esm1
                                  Available with Ubuntu Pro
  kmail                           4:15.12.3-0ubuntu1.1+esm1
                                  Available with Ubuntu Pro
  libkf5messageviewer5            4:15.12.3-0ubuntu1.1+esm1
                                  Available with Ubuntu Pro
  libkf5templateparser5           4:15.12.3-0ubuntu1.1+esm1
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  kmail                           4:4.13.3-0ubuntu0.2+esm1
                                  Available with Ubuntu Pro
  libmessageviewer4               4:4.13.3-0ubuntu0.2+esm1
                                  Available with Ubuntu Pro
  libtemplateparser4              4:4.13.3-0ubuntu0.2+esm1
                                  Available with Ubuntu Pro

After a standard system update you need to restart KMail to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7729-1

CVE-2017-17689, CVE-2019-10732, CVE-2020-11880, CVE-2024-50624

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7729-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here