Описание
Security update for kmail-account-wizard
This update for kmail-account-wizard fixes the following issues:
- CVE-2024-50624: Fixed that plaintext HTTP was used for URLs when retrieving configuration files (boo#1232454, kde#487882)
Список пакетов
SUSE Package Hub 15 SP5
kmail-account-wizard-23.08.5-bp156.2.3.1
kmail-account-wizard-lang-23.08.5-bp156.2.3.1
SUSE Package Hub 15 SP6
kmail-account-wizard-23.08.5-bp156.2.3.1
kmail-account-wizard-lang-23.08.5-bp156.2.3.1
openSUSE Leap 15.5
kmail-account-wizard-23.08.5-bp156.2.3.1
kmail-account-wizard-lang-23.08.5-bp156.2.3.1
openSUSE Leap 15.6
kmail-account-wizard-23.08.5-bp156.2.3.1
kmail-account-wizard-lang-23.08.5-bp156.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2024:0353-1
- SUSE Security Ratings
- SUSE Bug 1232454
- SUSE CVE CVE-2024-50624 page
Описание
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard.
Затронутые продукты
SUSE Package Hub 15 SP5:kmail-account-wizard-23.08.5-bp156.2.3.1
SUSE Package Hub 15 SP5:kmail-account-wizard-lang-23.08.5-bp156.2.3.1
SUSE Package Hub 15 SP6:kmail-account-wizard-23.08.5-bp156.2.3.1
SUSE Package Hub 15 SP6:kmail-account-wizard-lang-23.08.5-bp156.2.3.1
Ссылки
- CVE-2024-50624
- SUSE Bug 1232454