Ubuntu alert USN-7731-1 (kmail)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7731-1] KMail vulnerabilities | |
| Date: | Wed, 03 Sep 2025 14:38:30 +0000 | |
| Message-ID: | <E1utod4-0007ts-OJ@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7731-1 September 02, 2025 kmail vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in KMail. Software Description: - kmail: Full featured graphical email client Details: Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that KMail could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Under certain configurations, if a user were tricked into opening a specially crafted email, an attacker could possibly use this issue to obtain the plaintext of an encrypted email. This update mitigates the issue by preventing KMail from automatically loading external content. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-17689) It was discovered that KMail could be made to attach files to an email without the user's knowledge. If a user were tricked into sending an email created by a specially crafted "mailto" link, an attacker could possibly use this issue to obtain sensitive files. (CVE-2020-11880) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS kmail 4:19.12.3-0ubuntu1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS kmail 4:17.12.3-0ubuntu1+esm1 Available with Ubuntu Pro After a standard system update you need to restart KMail to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7731-1 CVE-2017-17689, CVE-2020-11880
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmi4SiYACgkQcpJm3tlz hgHkYBAAvqePqeqe08AamKSnsn5xjo+WtvIfPdqJu7BgCZWdGbujShfweKPsVC/o 1OSYivJAPCN4sgKYJhKmwmBQfSk8M91Ljfl/wEP9NvaMKWiIXBa9pJE5G2LAq+TA 1gqFb0LRY3EVcdTI4wnKBvC9a3jxs6/tC989/rEaU1CipydCb3nEib7hQjAnAwom 6BZYbMNiWoQgEpXVn0Y07nwEG46Z3LbThBtRYEOtXovfGSk4M+dDFmT/Qlufo3w5 rriXMv1dXKRxFvGQiS6DxQ/ry3waQ/DjCZlm7lm/rEXNkPVVP5piMhsqDBXKXKLr vOe3CDCA7KV9eodTTi0lsACCQPsjG5LT0Uyn5Suly8QZ9Wi2yAh1mvvIl6g8rO2D Vn6OA21pyhKZwNrUKQv2OdSZlX+KFUg7bz1bbarzQmhFGIOc+eY3vd+AWo9cJhkP /BfsyK6ZpjH6R4ipSse3y8e8lqhatMdGIx1XaHrYKPkniItWfew+C7pcbRuc6hCt yMVaij5uSTROUzFveHAVFe4GR47yeaUZud58suxPNjI3ghNVSG7L8mIIgTATNk7g egIvbfvjH/YVLWEKi0FExwQvFifJAM3ynaru6gnwSK89DvmZSwq396ZEJLu8IDcI cBagX8SqXACKgdpPoOb2n4L7qXPFAfxk3X2IwmTbuGhuET2IKjM= =0Mrp -----END PGP SIGNATURE-----