Security update for kdepim, messagelib SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1748-1 Final 1 1 2017-07-02T08:59:34Z current 2017-07-02T08:59:34Z 2017-07-02T08:59:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kdepim, messagelib This update for kdepim and messagelib fixes the following issues: - CVE-2017-9604: The kmail 'send later' function does not have 'sign/encryption' action ensured. (boo#1044210) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2017-756 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1044210 SUSE Bug 1044210 https://www.suse.com/security/cve/CVE-2017-9604/ SUSE CVE CVE-2017-9604 page SUSE Package Hub 12 SP2 akonadi_resources-16.08.2-5.2 akregator5-16.08.2-5.2 blogilo5-16.08.2-5.2 kaddressbook5-16.08.2-5.2 kalarm5-16.08.2-5.2 kdepim-16.08.2-5.2 kmail5-16.08.2-5.2 knotes5-16.08.2-5.2 kontact5-16.08.2-5.2 korganizer5-16.08.2-5.2 ktnef5-16.08.2-5.2 messagelib-16.08.2-5.1 messagelib-devel-16.08.2-5.1 akonadi_resources-16.08.2-5.2 as a component of SUSE Package Hub 12 SP2 akregator5-16.08.2-5.2 as a component of SUSE Package Hub 12 SP2 blogilo5-16.08.2-5.2 as a component of SUSE Package Hub 12 SP2 kaddressbook5-16.08.2-5.2 as a component of SUSE Package Hub 12 SP2 kalarm5-16.08.2-5.2 as a component of SUSE Package Hub 12 SP2 kdepim-16.08.2-5.2 as a component of SUSE Package Hub 12 SP2 kmail5-16.08.2-5.2 as a component of SUSE Package Hub 12 SP2 knotes5-16.08.2-5.2 as a component of SUSE Package Hub 12 SP2 kontact5-16.08.2-5.2 as a component of SUSE Package Hub 12 SP2 korganizer5-16.08.2-5.2 as a component of SUSE Package Hub 12 SP2 ktnef5-16.08.2-5.2 as a component of SUSE Package Hub 12 SP2 messagelib-16.08.2-5.1 as a component of SUSE Package Hub 12 SP2 messagelib-devel-16.08.2-5.1 as a component of SUSE Package Hub 12 SP2 KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. CVE-2017-9604 SUSE Package Hub 12 SP2:akonadi_resources-16.08.2-5.2 SUSE Package Hub 12 SP2:akregator5-16.08.2-5.2 SUSE Package Hub 12 SP2:blogilo5-16.08.2-5.2 SUSE Package Hub 12 SP2:kaddressbook5-16.08.2-5.2 SUSE Package Hub 12 SP2:kalarm5-16.08.2-5.2 SUSE Package Hub 12 SP2:kdepim-16.08.2-5.2 SUSE Package Hub 12 SP2:kmail5-16.08.2-5.2 SUSE Package Hub 12 SP2:knotes5-16.08.2-5.2 SUSE Package Hub 12 SP2:kontact5-16.08.2-5.2 SUSE Package Hub 12 SP2:korganizer5-16.08.2-5.2 SUSE Package Hub 12 SP2:ktnef5-16.08.2-5.2 SUSE Package Hub 12 SP2:messagelib-16.08.2-5.1 SUSE Package Hub 12 SP2:messagelib-devel-16.08.2-5.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9604.html CVE-2017-9604 https://bugzilla.suse.com/1044210 SUSE Bug 1044210