|
|
Subscribe / Log in / New account

Ubuntu alert USN-7732-1 (kmail-account-wizard)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7732-1] KMail Account Wizard vulnerability


Date:
              Wed, 03 Sep 2025 14:39:08 +0000


Message-ID:
              <E1utodg-0000Nl-KP@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7732-1
September 02, 2025

kmail-account-wizard vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

KMail Account Wizard uses an insecure protocol.

Software Description:
- kmail-account-wizard: Wizard for KDE PIM applications account setup

Details:

It was discovered that KMail Account Wizard used HTTP rather than HTTPS
when retrieving certain email server configurations. An attacker could
possibly use this issue to cause email clients to use an
attacker-controlled email server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  accountwizard                   4:23.08.5-0ubuntu3+esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  accountwizard                   4:21.12.3-0ubuntu1+esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  accountwizard                   4:19.12.3-0ubuntu1+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  accountwizard                   4:17.12.3-0ubuntu1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7732-1
  CVE-2024-50624




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmi4UKYACgkQcpJm3tlz
hgHbLRAAgqGtCAjaJi0Bma5e9AjtAYBNqcUziQMhtVAWQVRr641wHvLnMiAQEdPo
W2yXo+s8h8ZEAdIVLQgS/SboePuIPS66DLHP72BNXR3FPZNcMLdqBZMOsSNP1gfq
Yh+HjBuxuN73VUitNaNrV9+BhO1nhrn4jk4SerI4gk3uBPhxn8bP9TN/Db9cD04L
V8BFTT+9n5ncr8b/KRH4IhXDoT25rYUjcodJUxisX+ZmdKJA3NX0l11rEFFw2JA3
oTOM33mUm1SGNbMpTFLSYi+2RIyCf31VvqGLkGjTJZz3qasmVEsvxH+5ayxfyRnA
4gwfHZszWINvUmlJVSr28MpkxgoHMRLf2MCuIStPd0CP6ga3QuMLLu9bhOStmA4Y
vt4JkDP4wug3E31PomWsgp9Qfc8V5f15LcxXMNiLEy7MhyJQKMfGHs7Jk3aVqPD0
Ic8KZtjWhM5Orp/uwlvsVwqFHC/xa2sYJX1OS/NjiEdFtOLin0fu8nRfXqbpZ2EW
LJ5quJJXUeM26N7jvBK2vSfaePUf1R8zddbZzXcYptMPV4fveVJGf+icl52dlBqQ
PCHx32hw3Nf8Y4hZ+AOKz7uwLaApOZRqLzJ9oS56pX26EkGY6SczgA/t6sMSGZHf
7eBvei+Ukp4ICI+wtZ7Xg5MZZcgD27kzvmwI3r9Jzg1wYN+Km+o=
=G+vL
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds