Stay Secure with the Latest Linux Advisories

security advisorycriticalemail leak

Mageia 8: 2022-0214 Critical: Trojita Email Leak Attack

An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak . MGASA-2022-0214 - Updated trojita packages fix security vulnerability Publication date: 03 Jun 2022 URL: https://advisories.mageia.org/MGASA-2022-0214.html Type: security Affected Mageia releases: 8 CVE: CVE-2019-10734 An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. (CVE-2019-10734) References: - https://bugs.mageia.org/show_bug.cgi?id=30000 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/UO27BOQW7OIOG56IBQEHPEIS5JYYKDHN/ - https://www.cve.org/CVERecord?id=CVE-2019-10734 SRPMS: - 8/core/trojita-0.7-8.git20200625.2.1.mga8 . New versions of Trojita have been released in Mageia addressing significant vulnerabilities in email encryption protocols. For further information, see below.. Mageia Security Update,Trojita Email Vulnerability,Critical Email Threat,Email Encryption Risks. . Severity: Critical. LinuxSecurity.com Team

Jun 03, 2022 •Critical Mageia