Описание
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| evolution | unfixed | package | ||
| kf5-messagelib | fixed | 4:18.08.1-1 | package | |
| kf5-messagelib | no-dsa | stretch | package | |
| kdepim | removed | package | ||
| kdepim | no-dsa | stretch | package | |
| kdepim | no-dsa | jessie | package |
Примечания
https://efail.de
https://bugzilla.gnome.org/show_bug.cgi?id=796135
https://dot.kde.org/2018/05/15/efail-and-kmail
protocol vulnerability can't be fixed in implementations but they can prevent exploitation by disabling loading of remote content
kmail bug is #898634, but src:kmail is not affected, the code in question is in kf5-messagelib
kf5-messagelib: https://phabricator.kde.org/D12391 (v18.04.1)
kf5-messagelib: https://phabricator.kde.org/D12393 (v18.04.1)
kmail: https://phabricator.kde.org/D12394
EPSS
Связанные уязвимости
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
EPSS