openSUSE-SU-2017:1749-1

Опубликовано: 02 июл. 2017

Источник: suse-cvrf

Описание

Security update for kdepim4

This update for kdepim4 fixes the following issues:

CVE-2017-9604: The kmail 'send later' function does not have 'sign/encryption' action ensured. (boo#1044210)

The package kdepim-addons was updated to conflict with 4.x based akonadi package to prevent file conflicts. (boo#1045936)

Список пакетов

openSUSE Leap 42.2

akonadi-4.14.10-6.5.1

akregator-4.14.10-6.5.1

kaddressbook-4.14.10-6.5.1

kalarm-4.14.10-6.5.1

kdepim-addons-16.08.2-2.3.1

kdepim4-4.14.10-6.5.1

kmail-4.14.10-6.5.1

knode-4.14.10-6.5.1

knotes-4.14.10-6.5.1

kontact-4.14.10-6.5.1

korganizer-4.14.10-6.5.1

ktimetracker-4.14.10-6.5.1

ktnef-4.14.10-6.5.1

libkdepim4-4.14.10-6.5.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-07/msg00003.html
E-Mail link for openSUSE-SU-2017:1749-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.

Затронутые продукты

openSUSE Leap 42.2:akonadi-4.14.10-6.5.1

openSUSE Leap 42.2:akregator-4.14.10-6.5.1

openSUSE Leap 42.2:kaddressbook-4.14.10-6.5.1

openSUSE Leap 42.2:kalarm-4.14.10-6.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-9604.html
CVE-2017-9604
https://bugzilla.suse.com/1044210
SUSE Bug 1044210

openSUSE-SU-2017:1749-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-9604

Описание

Затронутые продукты

Ссылки