An update that fixes two vulnerabilities is now available.
Description:
This update for enigmail fixes multiple issues.
Security issues fixed:
- CVE-2017-17688: CFB gadget attacks allowed to exfiltrate plaintext out of encrypted emails. enigmail now fails on GnuPG integrity check warnings for old Algorithms (bsc#1093151) - CVE-2017-17689: CBC gadget attacks allows to exfiltrate plaintext out of encrypted emails (bsc#1093152)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: