Alerts This Week
Warning Icon 1 1,146
Alerts This Week
Warning Icon 1 1,146

Ubuntu 20.04 KMail Important Email Leak Threat USN-7731-1 CVE-2020-11880

ubuntu
Calendar Grey September 3, 2025
Dist Ubuntu Esm H88
A crucial update for KMail addresses critical email security flaws within Ubuntu versions 18.04 and 20.04 LTS. Immediate action recommended.
Several security issues were fixed in KMail.

Summary

Several security issues were fixed in KMail.

Software Description:

- kmail: Full featured graphical email client

Details:

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising,

Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg

Schwenk discovered that KMail could be made to leak the plaintext

of S/MIME encrypted emails when retrieving external content in emails.

Under certain configurations, if a user were tricked into opening a

specially crafted email, an attacker could possibly use this issue to

obtain the plaintext of an encrypted email. This update mitigates the

issue by preventing KMail from automatically loading external content.

This issue only affected Ubuntu 18.04 LTS. (CVE-2017-17689)

It was discovered that KMail could be made to attach files to an email

without the user's knowledge. If a user were tricked into sending an

email created by a specially crafted "mailto" link, an attacker could

possibly use this issue to obtain sensitive files. (...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  kmail                           4:19.12.3-0ubuntu1+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  kmail                           4:17.12.3-0ubuntu1+esm1
                                  Available with Ubuntu Pro

After a standard system update you need to restart KMail to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7731-1

CVE-2017-17689, CVE-2020-11880

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7731-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here