Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
172
security advisorythreatUbuntuUbuntu 20.04 KMail Important Email Leak Threat USN-7731-1 CVE-2020-11880
Several security issues were fixed in KMail.. ========================================================================== Ubuntu Security Notice USN-7731-1 September 02, 2025 kmail vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in KMail. Software Description: - kmail: Full featured graphical email client Details: Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that KMail could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Under certain configurations, if a user were tricked into opening a specially crafted email, an attacker could possibly use this issue to obtain the plaintext of an encrypted email. This update mitigates the issue by preventing KMail from automatically loading external content. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-17689) It was discovered that KMail could be made to attach files to an email without the user's knowledge. If a user were tricked into sending an email created by a specially crafted "mailto" link, an attacker could possibly use this issue to obtain sensitive files. (CVE-2020-11880) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS kmail 4:19.12.3-0ubuntu1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS kmail 4:17.12.3-0ubuntu1+esm1 Available with Ubuntu Pro After a standard system update you need to restart KMail to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7731-1 CVE-2017-17689, CVE-2020-11880 . A crucial update for KMail addresses critical email securityflaws within Ubuntu versions 18.04 and 20.04 LTS. Immediate action recommended.. KMail Security Issues, Email Threats, Ubuntu Vulnerability. . Severity: Important. LinuxSecurity.com Team
Sep 03, 2025
•Important
Ubuntu
172
security advisoryinformation leakcriticalUbuntu 16.04: USN-7729-1 KDE PIM Critical Email Leak CVE-2024-50624
Several security issues were fixed in KDE PIM.. ========================================================================== Ubuntu Security Notice USN-7729-1 September 02, 2025 kdepim vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in KDE PIM. Software Description: - kdepim: Personal Information Management apps Details: Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that the KMail application of KDE PIM could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Under certain configurations, if a user were tricked into opening a specially crafted email, an attacker could possibly use this issue to obtain the plaintext of an encrypted email. This update mitigates the issue by preventing KMail from automatically loading external content. (CVE-2017-17689) Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, and Jörg Schwenk discovered that the KMail application of KDE PIM could be made to leak the plaintext of S/MIME or PGP encrypted emails. If a user were tricked into replying to a specially crafted email, an attacker could possibly use this issue to obtain the plaintext of an encrypted email. (CVE-2019-10732) It was discovered that the KMail application of KDE PIM could be made to attach files to an email without the user's knowledge. If a user were tricked into sending an email created by a specially crafted "mailto" link, an attacker could possibly use this issue to obtain sensitive files. This update mitigates the issue by displaying a warning to the user when files are attached in this way. (CVE-2020-11880) It was discovered that the Account Wizard application of KDE PIM used HTTP rather than HTTPS when retrieving certain emailserver configurations. An attacker could possibly use this issue to cause email clients to use an attacker-controlled email server. This issue only affected Ubuntu 16.04 LTS. (CVE-2024-50624) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS accountwizard 4:15.12.3-0ubuntu1.1+esm1 Available with Ubuntu Pro kmail 4:15.12.3-0ubuntu1.1+esm1 Available with Ubuntu Pro libkf5messageviewer5 4:15.12.3-0ubuntu1.1+esm1 Available with Ubuntu Pro libkf5templateparser5 4:15.12.3-0ubuntu1.1+esm1 Available with Ubuntu Pro Ubuntu 14.04 LTS kmail 4:4.13.3-0ubuntu0.2+esm1 Available with Ubuntu Pro libmessageviewer4 4:4.13.3-0ubuntu0.2+esm1 Available with Ubuntu Pro libtemplateparser4 4:4.13.3-0ubuntu0.2+esm1 Available with Ubuntu Pro After a standard system update you need to restart KMail to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7729-1 CVE-2017-17689, CVE-2019-10732, CVE-2020-11880, CVE-2024-50624 . Critical security flaws rectified in KDE PIM for Ubuntu to safeguard email information leakage. Users are advised to perform updates immediately.. KDE PIM, Email Security, Ubuntu Update, Critical Vulnerability. . Severity: Critical. LinuxSecurity.com Team
Sep 03, 2025
•Critical
Ubuntu
203
security advisorycriticalemail leakMageia 8: 2022-0214 Critical: Trojita Email Leak Attack
An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak . MGASA-2022-0214 - Updated trojita packages fix security vulnerability Publication date: 03 Jun 2022 URL: https://advisories.mageia.org/MGASA-2022-0214.html Type: security Affected Mageia releases: 8 CVE: CVE-2019-10734 An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. (CVE-2019-10734) References: - https://bugs.mageia.org/show_bug.cgi?id=30000 - https://lists.fedoraproject.org/archives/list/
Jun 03, 2022
•Critical
Mageia
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!