Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 8 articles for you...
172
security advisoryinformation leakcriticalUbuntu 16.04: USN-7729-1 KDE PIM Critical Email Leak CVE-2024-50624
Several security issues were fixed in KDE PIM.. ========================================================================== Ubuntu Security Notice USN-7729-1 September 02, 2025 kdepim vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in KDE PIM. Software Description: - kdepim: Personal Information Management apps Details: Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that the KMail application of KDE PIM could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Under certain configurations, if a user were tricked into opening a specially crafted email, an attacker could possibly use this issue to obtain the plaintext of an encrypted email. This update mitigates the issue by preventing KMail from automatically loading external content. (CVE-2017-17689) Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, and Jörg Schwenk discovered that the KMail application of KDE PIM could be made to leak the plaintext of S/MIME or PGP encrypted emails. If a user were tricked into replying to a specially crafted email, an attacker could possibly use this issue to obtain the plaintext of an encrypted email. (CVE-2019-10732) It was discovered that the KMail application of KDE PIM could be made to attach files to an email without the user's knowledge. If a user were tricked into sending an email created by a specially crafted "mailto" link, an attacker could possibly use this issue to obtain sensitive files. This update mitigates the issue by displaying a warning to the user when files are attached in this way. (CVE-2020-11880) It was discovered that the Account Wizard application of KDE PIM used HTTP rather than HTTPS when retrieving certain emailserver configurations. An attacker could possibly use this issue to cause email clients to use an attacker-controlled email server. This issue only affected Ubuntu 16.04 LTS. (CVE-2024-50624) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS accountwizard 4:15.12.3-0ubuntu1.1+esm1 Available with Ubuntu Pro kmail 4:15.12.3-0ubuntu1.1+esm1 Available with Ubuntu Pro libkf5messageviewer5 4:15.12.3-0ubuntu1.1+esm1 Available with Ubuntu Pro libkf5templateparser5 4:15.12.3-0ubuntu1.1+esm1 Available with Ubuntu Pro Ubuntu 14.04 LTS kmail 4:4.13.3-0ubuntu0.2+esm1 Available with Ubuntu Pro libmessageviewer4 4:4.13.3-0ubuntu0.2+esm1 Available with Ubuntu Pro libtemplateparser4 4:4.13.3-0ubuntu0.2+esm1 Available with Ubuntu Pro After a standard system update you need to restart KMail to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7729-1 CVE-2017-17689, CVE-2019-10732, CVE-2020-11880, CVE-2024-50624 . Critical security flaws rectified in KDE PIM for Ubuntu to safeguard email information leakage. Users are advised to perform updates immediately.. KDE PIM, Email Security, Ubuntu Update, Critical Vulnerability. . Severity: Critical. LinuxSecurity.com Team
Sep 03, 2025
•Critical
Ubuntu
197
security advisorycriticalencryptionDebian 8: DLA-1825-1 critical: kdepim email decryption threat
A reply-based decryption oracle was found in kdepim, which provides the KMail e-mail client. An attacker in possession of S/MIME or PGP encrypted emails can wrap . Package : kdepim Version : 4:4.14.1-1+deb8u2 CVE ID : CVE-2019-10732 Debian Bug : 926996 A reply-based decryption oracle was found in kdepim, which provides the KMail e-mail client. An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. For Debian 8 "Jessie", this problem has been fixed in version 4:4.14.1-1+deb8u2. We recommend that you upgrade your kdepim packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Package : kdepim Version : 4:4.14.1-1+deb8u2 CVE ID : CVE-2019-10732 Debian Bug : 926996 A reply-bas. reply-based, decryption, oracle, found, kdepim, which, provides, kmail, e-mail, client. . Severity: Critical. LinuxSecurity.com Team
Jun 18, 2019
•Critical
Debian LTS
172
security advisorymoderatekdepimUbuntu 12.04 LTS: USN-1512-1 Moderate: KDE PIM JavaScript Exploit
KDE PIM could be made to execute JavaScript if it opened a specially crafted email.. =========================================================================Ubuntu Security Notice USN-1512-1 July 19, 2012 kdepim vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 Summary: KDE PIM could be made to execute JavaScript if it opened a specially crafted email. Software Description: - kdepim: Personal Information Management apps Details: It was discovered that KDE PIM html renderer incorrectly enabled JavaScript, Java and Plugins. A remote attacker could use this flaw to send an email with embedded JavaScript that possibly executes when opened. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: kdepim 4:4.8.4a-0ubuntu0.3 Ubuntu 11.10: kdepim 4:4.7.4+git111222-0ubuntu0.3 After a standard system update you need to restart your session to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1512-1 CVE-2012-3413 Package Information: https://launchpad.net/ubuntu/+source/kdepim/4:4.8.4a-0ubuntu0.3 https://launchpad.net/ubuntu/+source/kdepim/4:4.7.4+git111222-0ubuntu0.3 . New KDE PIM flaw in Ubuntu enables JavaScript execution through specially designed emails. Security update advised for user protection.. KDEPIM, JavaScript Exploit, Email Security, Ubuntu Updates. . Severity: Important. LinuxSecurity.com Team
Jul 19, 2012
•Important
Ubuntu
89
security advisoryFedorakdepimFedora 10 kdepim 4.3.1: Potential Security Fix for Certificate Validation
This updates KDE to 4.3.1, the latest upstream bugfix release. The main improvements are: * KDE 4.3 is now also available in Croatian. * A crash when editing toolbar setup has been fixed. * Support for transferring files through SSH using KIO::Fish has been fixed. * A number of bugs in KWin, KDE's window and compositing manager has been fixed. * A large number of bugs in KMail, KDE's email client are now gone. See https://kde.org/announcements/announce-4.3.1/ for more information. In addition, this update: * fixes a potential security issue (CVE-2009-2702) with certificate validation in the KIO KSSL code. It is believed that the affected code is not actually used (the code in Qt, for which a security update was already issued, is) and thus the issue is only potential, but KSSL is being patched just in case, * splits PolicyKit-kde out of kdebase-workspace again to avoid forcing it onto GNOME-based setups, where PolicyKit-gnome is desired instead (#519654).. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-9427 2009-09-09 00:48:07 -------------------------------------------------------------------------------- Name : kdepim Product : Fedora 10 Version : 4.3.1 Release : 1.fc10 URL : https://kde.org/ Summary : PIM (Personal Information Manager) applications Description : PIM (Personal Information Manager) applications, including: * akregator: feed aggregator * kmail: email client * knode: newsreader * knotes: sticky notes for the desktop * kontact: integrated PIM management * korganizer: journal, appointments, events, todos * kpilot: HotSync® software for Palm OS® devices -------------------------------------------------------------------------------- Update Information: This updates KDE to 4.3.1, the latest upstream bugfix release. The main improvements are: * KDE 4.3 is now also available in Croatian. * A crash when editing toolbar setup has been fixed. * Support for transferring filesthrough SSH using KIO::Fish has been fixed. * A number of bugs in KWin, KDE's window and compositing manager has been fixed. * A large number of bugs in KMail, KDE's email client are now gone. See https://kde.org/announcements/announce-4.3.1/ for more information. In addition, this update: * fixes a potential security issue (CVE-2009-2702) with certificate validation in the KIO KSSL code. It is believed that the affected code is not actually used (the code in Qt, for which a security update was already issued, is) and thus the issue is only potential, but KSSL is being patched just in case, * splits PolicyKit-kde out of kdebase-workspace again to avoid forcing it onto GNOME-based setups, where PolicyKit-gnome is desired instead (#519654). -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 28 2009 Than Ngo - 4.3.1-1 - 4.3.1 * Tue Aug 18 2009 Rex Dieter - 4.3.0-4 - kmail: upstream fix for custom font settings (#kdebug#178402) * Tue Aug 11 2009 Lukáš Tinkl - 4.3.0-3 - fix kmail default save dir regression (#496988) * Sat Aug 8 2009 Rex Dieter - 4.3.0-2 - -libs: move designer plugins here - %check: desktop-file-validate - don't own %{_kde4_appsdir}/kconf_update/ * Thu Jul 30 2009 Than Ngo - 4.3.0-1 - 4.3.0 * Fri Jul 24 2009 Fedora Release Engineering - 6:4.2.98-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Wed Jul 22 2009 Than Ngo - 4.2.98-1 - 4.3rc3 * Sat Jul 11 2009 Than Ngo - 4.2.96-1 - 4.3rc2 * Tue Jul 7 2009 Rex Dieter 4.2.95-2 - Requires: kdepim-runtime (< F-12) * Mon Jun 29 2009 Than Ngo - 4.2.95-1 - 4.3rc1 * Thu Jun 4 2009 Lorenzo Villani - 6:4.2.90-1 - KDE 4.3 Beta 2 * Fri May 29 2009 Rex Dieter - 4.2.85-2 - fix meeting-organizer icon conflict with oxygen-icons - -libs: (re)add dep on kdelibs4 * Wed May 13 2009 Lukáš Tinkl - 4.2.85-1 - KDE 4.3 beta 1 * Mon Apr 13 2009 Rex Dieter - 4.2.2-4 - drop extraneous BR's, including libmal-devel (not currently used) * Mon Apr 6 2009 Than Ngo -4.2.2-3 - apply upstream patch to fix crash in korganizer * Wed Apr 1 2009 Rex Dieter - 4.2.2-2 - optimize scriptlets * Tue Mar 31 2009 Lukáš Tinkl - 4.2.2-1 - KDE 4.2.2 * Mon Mar 9 2009 Rex Dieter 4.2.1-3 - upstream korganizer-view patch * Wed Mar 4 2009 Than Ngo - 4.2.1-2 - upstream patch, speed up folder syncing * Fri Feb 27 2009 Than Ngo - 4.2.1-1 - 4.2.1 * Wed Feb 25 2009 Fedora Release Engineering - 6:4.2.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Tue Jan 27 2009 Than Ngo - 4.2.0-2 - upstream patch, fix data corruption problems in KPilot * Thu Jan 22 2009 Than Ngo - 4.2.0-1 - 4.2.0 * Thu Jan 15 2009 Rex Dieter 4.1.96-3 - move libkpilot_*.so -devel -> main pkg * Thu Jan 15 2009 Kevin Kofler 4.1.96-2 - reenable BR pilot-link-devel, add missing BR libmal-devel (for KPilot) * Wed Jan 7 2009 Than Ngo 4.1.96-1 - 4.2rc1 * Fri Dec 12 2008 Than Ngo 4.1.85-1 - 4.2beta2 * Fri Nov 28 2008 Lorenzo Villani - 6:4.1.80-3 - kdepim-4.1.80-libqgpgme-link-fix.patch fix libqgpgme linking errors* Thu Nov 20 2008 Than Ngo 4.1.80-2 - merged * Thu Nov 20 2008 Lorenzo Villani - 6:4.1.80-1 - 4.1.80 - BR cmake > = 2.6.2 - make install/fast - kdepim-4.1.2-kabcdistlistupdater.patch upstreamed * Wed Nov 12 2008 Than Ngo 4.1.3-1 - 4.1.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #520661 - CVE-2009-2702 kdelibs: kssl incorrect verification of SSL certificate with NUL in subjectAltName https://bugzilla.redhat.com/show_bug.cgi?id=520661 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update kdepim' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Sep 15, 2009
•Important
Fedora
89
security advisoryFedoracritical updateFedora Core 5: Important Update for kdepim 3.5.3 Released Now
Updated package.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2006-727 2006-06-19 ---------------------------------------------------------------------Product : Fedora Core 5 Name : kdepim Version : 3.5.3 Release : 0.2.fc5 Summary : PIM (Personal Information Manager) for KDE Description : A PIM (Personal Information Manager) for KDE. ---------------------------------------------------------------------* Mon Jun 19 2006 Than Ngo 6:3.5.3-0.2.fc5 - BR: cyrus-sasl-devel, #195500 * Fri Jun 9 2006 Than Ngo 6:3.5.3-0.1.fc5 - update to 3.5.3 ---------------------------------------------------------------------This update can be downloaded from: 71e2f29210ce48851cdf4c23ccd190e28884946c SRPMS/kdepim-3.5.3-0.2.fc5.src.rpm 71e2f29210ce48851cdf4c23ccd190e28884946c noarch/kdepim-3.5.3-0.2.fc5.src.rpm 8916ea1d14e4bf4e735b9079c2639fc59ae46ca8 ppc/kdepim-3.5.3-0.2.fc5.ppc.rpm 7065ba87f6d97d91580498a57554581833a6f6f0 ppc/kdepim-devel-3.5.3-0.2.fc5.ppc.rpm f4730e30598bee05e3935c5cf0e2d98a9d294a95 ppc/debug/kdepim-debuginfo-3.5.3-0.2.fc5.ppc.rpm 4f6efa84c17a4d78de3fe61ff8cbdc0afda9a00f x86_64/kdepim-3.5.3-0.2.fc5.x86_64.rpm 65ee4d2e22d451c7039bf1aa798f80cbdf07a1e1 x86_64/kdepim-devel-3.5.3-0.2.fc5.x86_64.rpm 5ca0cc39055c55fccfdfbc53967cb038fa0697aa x86_64/debug/kdepim-debuginfo-3.5.3-0.2.fc5.x86_64.rpm 939df9667652b9f75b24e7f383cd09cc85e5ae38 i386/debug/kdepim-debuginfo-3.5.3-0.2.fc5.i386.rpm bb17b285376734e9604df9cde865aa5334f69897 i386/kdepim-3.5.3-0.2.fc5.i386.rpm 0ebcc3bb60ce796a0941abb07a15dd9f8df82f92 i386/kdepim-devel-3.5.3-0.2.fc5.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . ---------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailinglist
Jun 19, 2006
•Important
Fedora
89
security advisoryFedora Coreupdate notificationFedora Core: 2006-711 Critical Advisory for kdepim 3.5.3 Update
Updated package. . ---------------------------------------------------------------------Fedora Update Notification FEDORA-2006-711 2006-06-19 ---------------------------------------------------------------------Product : Fedora Core 5 Name : kdepim Version : 3.5.3 Release : 0.1.fc5 Summary : PIM (Personal Information Manager) for KDE Description : A PIM (Personal Information Manager) for KDE. ---------------------------------------------------------------------Update Information: KDE 3.5.3 release Qt 3.3.6 release ---------------------------------------------------------------------* Fri Jun 9 2006 Than Ngo 6:3.5.3-0.1.fc5 - update to 3.5.3 ---------------------------------------------------------------------This update can be downloaded from: ad548589617b2569dc4163be1763807163469fd7 SRPMS/kdepim-3.5.3-0.1.fc5.src.rpm ad548589617b2569dc4163be1763807163469fd7 noarch/kdepim-3.5.3-0.1.fc5.src.rpm 43f76b56635f4835b0d7adb2a8f1d4ac9f362b0d ppc/kdepim-devel-3.5.3-0.1.fc5.ppc.rpm d586ccca036f2d53078f196c2d89e04de86080d7 ppc/kdepim-3.5.3-0.1.fc5.ppc.rpm 9b9e309a849ee40d8b23075fd90f2ad3ce96bdb2 ppc/debug/kdepim-debuginfo-3.5.3-0.1.fc5.ppc.rpm 036fcf5a1c8459cfae5ec284f9c88c0972531caf x86_64/kdepim-devel-3.5.3-0.1.fc5.x86_64.rpm 4f5424280d6570803b03ca1eb1dbda04fd845cb3 x86_64/kdepim-3.5.3-0.1.fc5.x86_64.rpm 79f3dbd624755628660054c99f61ee3f041dda73 x86_64/debug/kdepim-debuginfo-3.5.3-0.1.fc5.x86_64.rpm 4734affb6c47066f63280b3e6961b18e5b3065fe i386/debug/kdepim-debuginfo-3.5.3-0.1.fc5.i386.rpm 5a6b62d01769b16771b23832ba68d5e2a96c16a2 i386/kdepim-devel-3.5.3-0.1.fc5.i386.rpm f1a9d0e6c29902a17dce7272043b580b64551a98 i386/kdepim-3.5.3-0.1.fc5.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at. ---------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Jun 19, 2006
•Critical
Fedora
89
security advisorymoderateupdateModerate Severity Update for KDEPIM 3.5.3 on Fedora Core 4 Released
Updated package. . ---------------------------------------------------------------------Fedora Update Notification FEDORA-2006-710 2006-06-19 ---------------------------------------------------------------------Product : Fedora Core 4 Name : kdepim Version : 3.5.3 Release : 0.1.fc4 Summary : PIM (Personal Information Manager) for KDE Description : A PIM (Personal Information Manager) for KDE. ---------------------------------------------------------------------Update Information: KDE 3.5.3 ---------------------------------------------------------------------* Tue Jun 6 2006 Than Ngo 6:3.5.3-0.1.fc4 - update to 3.5.3 ---------------------------------------------------------------------This update can be downloaded from: 4a469f5e6a1bb54495fe79edbf21944084e3b480 SRPMS/kdepim-3.5.3-0.1.fc4.src.rpm 4a469f5e6a1bb54495fe79edbf21944084e3b480 noarch/kdepim-3.5.3-0.1.fc4.src.rpm bef98a811ddb6e8c8615f01c264acef12441ca34 ppc/kdepim-3.5.3-0.1.fc4.ppc.rpm 0164f542d42dfc28738ecd0ef5fca871fe893a25 ppc/kdepim-devel-3.5.3-0.1.fc4.ppc.rpm 48f1a183b36d530e0a3bc0be58a7ed82be0d1236 ppc/debug/kdepim-debuginfo-3.5.3-0.1.fc4.ppc.rpm 1c98eb901162b11172b0f2d4ee7abfe171e95fb1 x86_64/kdepim-3.5.3-0.1.fc4.x86_64.rpm 403419f691b73572e4a8fb5fa757b1d2f2b7422e x86_64/kdepim-devel-3.5.3-0.1.fc4.x86_64.rpm 722b8d8fe2386e3b852d93f95342de946b607f7d x86_64/debug/kdepim-debuginfo-3.5.3-0.1.fc4.x86_64.rpm 21ad2f20338a03c0c19bdda90b2949685cabd89c i386/kdepim-3.5.3-0.1.fc4.i386.rpm f8076ac69438547667fce754662a9667c881e79c i386/kdepim-devel-3.5.3-0.1.fc4.i386.rpm 07a3e2e87e2dfb002ff27af9047ddab39964ba17 i386/debug/kdepim-debuginfo-3.5.3-0.1.fc4.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at. ---------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Jun 19, 2006
Fedora
89
security advisoryFedoraupdate informationFedora Core 5: kdepim 3.5.2 Update and Installation Guide
update to KDE 3.5.2. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2006-356 2006-04-18 ---------------------------------------------------------------------Product : Fedora Core 5 Name : kdepim Version : 3.5.2 Release : 0.1.fc5 Summary : PIM (Personal Information Manager) for KDE Description : A PIM (Personal Information Manager) for KDE. ---------------------------------------------------------------------Update Information: update to KDE 3.5.2 ---------------------------------------------------------------------* Fri Mar 31 2006 Than Ngo 6:3.5.2-0.1.fc5 - update to 3.5.2 ---------------------------------------------------------------------This update can be downloaded from: f7f0b20f6698577baeff651d952096a49f85313a SRPMS/kdepim-3.5.2-0.1.fc5.src.rpm f6d20a2adf5b1f88759d21c1687245f83802f146 ppc/kdepim-3.5.2-0.1.fc5.ppc.rpm 76867189b3736bb3f7f7da656e449a691029c3b5 ppc/kdepim-devel-3.5.2-0.1.fc5.ppc.rpm d9879895a15bd2e445ca37f796a2dc43c39658b7 ppc/debug/kdepim-debuginfo-3.5.2-0.1.fc5.ppc.rpm 6e8afb20c9be6c9aa3d95b6de788092963230682 x86_64/kdepim-3.5.2-0.1.fc5.x86_64.rpm 12ccedf6dd836c8f647235493a6cabae4c87d150 x86_64/kdepim-devel-3.5.2-0.1.fc5.x86_64.rpm 9587dd64ee931e155deb094f74fd2b1916d4dce2 x86_64/debug/kdepim-debuginfo-3.5.2-0.1.fc5.x86_64.rpm c54b89e241e71de46c86cb17a01e0f737abc4ce1 i386/kdepim-3.5.2-0.1.fc5.i386.rpm 1df4fb888dc3aa589c4d9fbbac971feb71dea178 i386/kdepim-devel-3.5.2-0.1.fc5.i386.rpm 8271a8ec922897ba424475589bb036c5c6400910 i386/debug/kdepim-debuginfo-3.5.2-0.1.fc5.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . ----------------------------------------------------------------------- fedora-announce-list mailing list
Apr 18, 2006
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!