Описание
Security update for enigmail
This update for enigmail to version 2.0.5 fixes the following issues:
Improvements on previous fixes on CVE-2017-17688, boo#1093151 and CVE-2017-17689, boo#1093152 (EFAIL):
- do not decrypt MIME parts unnecessarily
- improve Error Message for Missing Message Modification Code
Список пакетов
SUSE Package Hub for SUSE Linux Enterprise 12
enigmail-2.0.5-12.1
Ссылки
- E-Mail link for openSUSE-SU-2018:1392-1
- SUSE Security Ratings
Описание
** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification.
Затронутые продукты
SUSE Package Hub for SUSE Linux Enterprise 12:enigmail-2.0.5-12.1
Ссылки
- CVE-2017-17688
- SUSE Bug 1093151
- SUSE Bug 1093727
- SUSE Bug 1093971
- SUSE Bug 1093973
- SUSE Bug 1115719
Описание
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Затронутые продукты
SUSE Package Hub for SUSE Linux Enterprise 12:enigmail-2.0.5-12.1
Ссылки
- CVE-2017-17689
- SUSE Bug 1093152
- SUSE Bug 1093727
- SUSE Bug 1093969