Alerts This Week
Warning Icon 1 1,146
Alerts This Week
Warning Icon 1 1,146

Ubuntu 18.04 LTS USN-7730-1 PIM Messagelib Critical Email Issue

ubuntu
Calendar Grey September 3, 2025
Dist Ubuntu Esm H88
Serious security flaws have been identified in PIM Messagelib on Ubuntu 18.04 LTS that urgently need to be addressed to avert potential data breaches.
Several security issues were fixed in PIM Messagelib.

Summary

Several security issues were fixed in PIM Messagelib.

Software Description:

- kf5-messagelib: KDE PIM messaging library

Details:

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising,

Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg

Schwenk discovered that PIM Messagelib could be made to leak the plaintext

of S/MIME encrypted emails when retrieving external content in emails.

Under certain configurations, if a user were tricked into opening a

specially crafted email using an application linked against PIM Messagelib,

an attacker could possibly use this issue to obtain the plaintext of an

encrypted email. This update mitigates the issue by preventing automatic

loading of external content. (CVE-2017-17689)

Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel,

and Jörg Schwenk discovered that PIM Messagelib could be made to leak the

plaintext of S/MIME or PGP encrypted emails. If a user were tricked into

replying to a specially crafted...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  libkf5messageviewer5abi4        4:17.12.3-0ubuntu3+esm1
                                  Available with Ubuntu Pro
  libkf5mimetreeparser5abi2       4:17.12.3-0ubuntu3+esm1
                                  Available with Ubuntu Pro
  libkf5templateparser5abi2       4:17.12.3-0ubuntu3+esm1
                                  Available with Ubuntu Pro

After a standard system update you need to restart any applications
which use PIM Messagelib, such as KMail, to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7730-1

CVE-2017-17689, CVE-2019-10732

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7730-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here