This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8390898491890226862==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="fHB0rs5KVCRFnXvCn0mm8EIUXwo8gjh65"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--fHB0rs5KVCRFnXvCn0mm8EIUXwo8gjh65
Content-Type: multipart/mixed; boundary="3SPA8UbW36SEoh34jTeTIfBdwexD84qWX"
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <518dc695-0e8d-502c-40de-413193b11407@canonical.com>
Subject: [USN-3100-1] KDE-PIM Libraries vulnerability
--3SPA8UbW36SEoh34jTeTIfBdwexD84qWX
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-3100-1
October 12, 2016
kdepimlibs vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
KMail could be made to run HTML if it opened a specially crafted email.
Software Description:
- kdepimlibs: the KDE PIM libraries
Details:
Roland Tapken discovered that the KDE-PIM Libraries incorrectly filtered
URLs. A remote attacker could use this issue to perform an HTML injection
attack in the KMail plain text viewer.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libkpimutils4 4:4.8.5-0ubuntu0.3
After a standard system update you need to restart KMail to make all the
necessary changes.
References:
http://www.ubuntu.com/usn/usn-3100-1
CVE-2016-7966
Package Information:
https://launchpad.net/ubuntu/+source/kdepimlibs/4:4.8.5-0ubuntu0.3
--3SPA8UbW36SEoh34jTeTIfBdwexD84qWX--
--fHB0rs5KVCRFnXvCn0mm8EIUXwo8gjh65
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJX/ihcAAoJEGVp2FWnRL6TXd0P/jhCVOBA9T7BKQAc22Qeakqy
6Z6B93q5gU4tXX6xcU628JGeD5uV9ikIHMTpXP6Ae97knp8Emr2wKsKD5EO3cYwX
XTQ0UX5yOuOWylgGxvLOqmuwD+i0TfqzN4tpJsgFg8ez90SpNGrPXN6kxmUN+DjL
muFOfcuqR7/o5SDe249ltYTpYDhIv6IYqd4Zx0nwXaRIh+QL2mrmH01piRNepPyy
+WkXFYeKe8/lgiVuXtmSG/R/uImEez97jYc7jqPexXiptNFcxjF3RGKR6EJyeeFM
UsmvOp5zBi1RqfbJGnHylo/1EVl8qoNAmM7Mje6xN1p2cROOv42d/kWJottWexs0
DTtpkWTVP1MK21Cal26m5HhpWyyrRQ7MXlWDgRiT9vU5X4/SaS+JY6u5rokz4bC/
u//FQhC3OpMlhQSD1iGPKqtnLj0tgRQnDh/+t/lmu9tY8VmkUIxxTOYBo8tSioKV
qsFdol7n6Zwlc1g/MACd7uhy2OpdD/gys/iL9bU+h606j9P+Tsto8Sjr8wlIPp2B
4+MolSFeiL4I4SjctfH+dkFTrX/nLgUnj6UmVpO5i/6SMXy5zfvxH0m6ESkZjF+B
BZt6lSrMBncazcbLtX8rr9HzW+8nwDSuEIfKccY/+6pgTHP3dFmZAeEjXHoeaDqo
W/Cj9LFcD6zvLZ0kmqhe
=UUmX
-----END PGP SIGNATURE-----
--fHB0rs5KVCRFnXvCn0mm8EIUXwo8gjh65--
--===============8390898491890226862==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8390898491890226862==--
|