Several security issues were fixed in KDE PIM.
Software Description:
- kdepim: Personal Information Management apps
Details:
Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising,
Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg
Schwenk discovered that the KMail application of KDE PIM could be made
to leak the plaintext of S/MIME encrypted emails when retrieving
external content in emails. Under certain configurations, if a user were
tricked into opening a specially crafted email, an attacker could
possibly use this issue to obtain the plaintext of an encrypted email.
This update mitigates the issue by preventing KMail from automatically
loading external content. (CVE-2017-17689)
Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel,
and Jörg Schwenk discovered that the KMail application of KDE PIM could
be made to leak the plaintext of S/MIME or PGP encrypted emails. If a
user were tricked into replying to a specially crafted email,...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
accountwizard 4:15.12.3-0ubuntu1.1+esm1
Available with Ubuntu Pro
kmail 4:15.12.3-0ubuntu1.1+esm1
Available with Ubuntu Pro
libkf5messageviewer5 4:15.12.3-0ubuntu1.1+esm1
Available with Ubuntu Pro
libkf5templateparser5 4:15.12.3-0ubuntu1.1+esm1
Available with Ubuntu Pro
Ubuntu 14.04 LTS
kmail 4:4.13.3-0ubuntu0.2+esm1
Available with Ubuntu Pro
libmessageviewer4 4:4.13.3-0ubuntu0.2+esm1
Available with Ubuntu Pro
libtemplateparser4 4:4.13.3-0ubuntu0.2+esm1
Available with Ubuntu Pro
After a standard system update you need to restart KMail to make
all the necessary changes.
https://ubuntu.com/security/notices/USN-7729-1
CVE-2017-17689, CVE-2019-10732, CVE-2020-11880, CVE-2024-50624
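To confirm that a host carries the fixed versions listed above, the following added example (not part of the original notice) compares installed packages against them using dpkg. Package names and versions are copied from the notice; the function names are illustrative.

```sh
#!/bin/sh
# Added example: compare installed packages with the fixed versions in USN-7729-1.
# Function names (fixed_versions, installed_version, classify, audit,
# detect_release) are illustrative and not part of any Ubuntu tool.

fixed_versions() {   # $1 = Ubuntu VERSION_ID; prints "package fixed-version" lines
    case "$1" in
        16.04) printf '%s 4:15.12.3-0ubuntu1.1+esm1\n' \
                   accountwizard kmail libkf5messageviewer5 libkf5templateparser5 ;;
        14.04) printf '%s 4:4.13.3-0ubuntu0.2+esm1\n' \
                   kmail libmessageviewer4 libtemplateparser4 ;;
    esac
}

installed_version() {   # prints a version only if the package is fully installed
    # Only the first line is used if several architectures are installed.
    out=$(dpkg-query -W -f='${Status} ${Version}\n' "$1" 2>/dev/null | head -n 1)
    case "$out" in
        "install ok installed "*) echo "${out##* }" ;;
    esac
}

classify() {   # $1 = installed version (may be empty), $2 = fixed version
    if [ -z "$1" ]; then
        echo absent
    elif ! command -v dpkg >/dev/null 2>&1; then
        echo unknown          # cannot compare Debian versions without dpkg
    elif dpkg --compare-versions "$1" ge "$2"; then
        echo patched
    else
        echo vulnerable
    fi
}

audit() {   # $1 = Ubuntu VERSION_ID
    fixed_versions "$1" | while read -r pkg fixed; do
        inst=$(installed_version "$pkg")
        printf '%-24s %-10s installed=%s fixed=%s\n' \
            "$pkg" "$(classify "$inst" "$fixed")" "${inst:-none}" "$fixed"
    done
}

detect_release() {   # prints VERSION_ID of the running system, if available
    if [ -r /etc/os-release ]; then ( . /etc/os-release; echo "${VERSION_ID:-}" ); fi
}

# Release defaults to the running system; pass 16.04 or 14.04 to override.
audit "${1:-$(detect_release)}"
```

On releases other than 16.04 and 14.04 the script prints nothing, because the notice lists no fixed versions for them.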