Security: Two problems in enigmail
Name: Two problems in enigmail
ID: SUSE-SU-2018:2243-1
Distribution: SUSE
Platforms: SUSE Linux Enterprise Workstation Extension 15
Date: Wed, 8 August 2018, 07:45
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
Applications: Enigmail

Original message

   SUSE Security Update: Security update for enigmail
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2243-1
Rating: moderate
References: #1094781 #1096745 #1097525
Cross-References: CVE-2018-12019 CVE-2018-12020
Affected Products:
SUSE Linux Enterprise Workstation Extension 15
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for enigmail to 2.0.7 fixes the following issues:

These security issues were fixed:

- CVE-2018-12020: Mitigation against GnuPG signature spoofing: Email
  signatures could be spoofed via an embedded "--filename" parameter in
  OpenPGP literal data packets. This update prevents this issue from being
  exploited if GnuPG was not updated (boo#1096745)
- CVE-2018-12019: The signature verification routine interpreted User IDs
  as status/control messages and did not correctly keep track of the
  status of multiple signatures. This allowed remote attackers to spoof
  arbitrary email signatures via public keys containing crafted primary
  user ids (boo#1097525)
- Disallow plaintext (literal packets) outside of encrypted packets
- Replies to a partially encrypted message may have revealed protected
  information - no longer display PGP/MIME message part followed by
  unencrypted data (bsc#1094781)
- Fix signature spoofing via Inline-PGP in HTML mails

These non-security issues were fixed:

- Fix filter actions forgetting selected mail folder names
- Fix compatibility issue with Thunderbird 60b7


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15:

zypper in -t patch SUSE-SLE-Product-WE-15-2018-1514=1



Package List:

- SUSE Linux Enterprise Workstation Extension 15 (x86_64):

enigmail-2.0.7-3.7.2


References:

https://www.suse.com/security/cve/CVE-2018-12019.html
https://www.suse.com/security/cve/CVE-2018-12020.html
https://bugzilla.suse.com/1094781
https://bugzilla.suse.com/1096745
https://bugzilla.suse.com/1097525

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates
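
Added example, not part of the SUSE advisory and not Enigmail's code: a sketch of status-line handling that avoids the two failure modes named for CVE-2018-12019, by recognising a keyword only at the start of a status line (so User ID text stays data) and by keeping one record per signature. It assumes GnuPG's --status-fd line format "[GNUPG:] KEYWORD args"; the function names and all sample key IDs, fingerprints and addresses are constructed for illustration.

```javascript
// Added illustration. Assumes GnuPG --status-fd output, one
// "[GNUPG:] KEYWORD args" record per line.
const PREFIX = "[GNUPG:] ";
const VERDICTS = new Map([
  ["GOODSIG", "good"], ["BADSIG", "bad"], ["ERRSIG", "error"],
  ["EXPSIG", "expired"], ["EXPKEYSIG", "expired-key"], ["REVKEYSIG", "revoked-key"],
]);

function parseSignatures(statusText) {
  const sigs = [];
  let current = null;
  const open = () => {
    current = { result: null, keyId: null, userId: null, fingerprint: null };
    sigs.push(current);
  };
  for (const line of statusText.split(/\r?\n/)) {
    if (!line.startsWith(PREFIX)) continue;            // keyword must open the line
    const [keyword, ...args] = line.slice(PREFIX.length).split(" ");
    if (keyword === "NEWSIG") {
      open();                                          // one record per signature
    } else if (VERDICTS.has(keyword)) {
      if (!current || current.result !== null) open(); // never overwrite a verdict
      current.result = VERDICTS.get(keyword);
      current.keyId = args[0] || null;
      // The User ID is untrusted data: stored as-is, never re-scanned for keywords.
      current.userId = keyword === "ERRSIG" ? null : args.slice(1).join(" ");
    } else if (keyword === "VALIDSIG" && current && current.result === "good") {
      current.fingerprint = args[0] || null;           // only attaches to a good record
    }
  }
  return sigs;
}

// A message counts as validly signed only if every signature on it verified.
function allSignaturesGood(sigs) {
  return sigs.length > 0 &&
    sigs.every((s) => s.result === "good" && s.fingerprint !== null);
}

// Constructed sample: the first User ID contains keyword-like text,
// and the second signature is bad.
const FPR = "0123456789ABCDEF0123456789ABCDEF01234567";
const SAMPLE = [
  "[GNUPG:] NEWSIG",
  "[GNUPG:] GOODSIG 1111111111111111 Mallory GOODSIG 2222222222222222 Alice <alice@example.org>",
  `[GNUPG:] VALIDSIG ${FPR} 2018-06-01 1527811200 0 4 0 1 8 00 ${FPR}`,
  "[GNUPG:] NEWSIG",
  "[GNUPG:] BADSIG 3333333333333333 Bob <bob@example.org>",
].join("\n");

console.log(parseSignatures(SAMPLE), allSignaturesGood(parseSignatures(SAMPLE)));
```

On the sample, the keyword-like text in the first User ID stays inside that record's userId field, and the bad second signature makes the overall result false.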