Описание
Security update for enigmail
This update for enigmail fixes multiple issues.
Security issues fixed:
- CVE-2017-17688: CFB gadget attacks allowed to exfiltrate plaintext out of encrypted emails. enigmail now fails on GnuPG integrity check warnings for old Algorithms (bsc#1093151)
- CVE-2017-17689: CBC gadget attacks allows to exfiltrate plaintext out of encrypted emails (bsc#1093152)
Список пакетов
openSUSE Leap 15.0
enigmail-2.0.4-lp150.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2018:1347-1
- SUSE Security Ratings
Описание
** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification.
Затронутые продукты
openSUSE Leap 15.0:enigmail-2.0.4-lp150.2.3.1
Ссылки
- CVE-2017-17688
- SUSE Bug 1093151
- SUSE Bug 1093727
- SUSE Bug 1093971
- SUSE Bug 1093973
- SUSE Bug 1115719
Описание
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Затронутые продукты
openSUSE Leap 15.0:enigmail-2.0.4-lp150.2.3.1
Ссылки
- CVE-2017-17689
- SUSE Bug 1093152
- SUSE Bug 1093727
- SUSE Bug 1093969