Security update for kdepim4
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2017:1749-1
Final
1
1
2017-07-02T08:59:31Z
current
2017-07-02T08:59:31Z
2017-07-02T08:59:31Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for kdepim4
This update for kdepim4 fixes the following issues:
- CVE-2017-9604: The kmail 'send later' function did not ensure that the 'sign/encryption' action was performed. (boo#1044210)
The package kdepim-addons was updated to conflict with the 4.x-based akonadi package to prevent file conflicts. (boo#1045936)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2017-07/msg00003.html
E-Mail link for openSUSE-SU-2017:1749-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE Leap 42.2
akonadi-4.14.10-6.5.1
akregator-4.14.10-6.5.1
kaddressbook-4.14.10-6.5.1
kalarm-4.14.10-6.5.1
kdepim-addons-16.08.2-2.3.1
kdepim4-4.14.10-6.5.1
kmail-4.14.10-6.5.1
knode-4.14.10-6.5.1
knotes-4.14.10-6.5.1
kontact-4.14.10-6.5.1
korganizer-4.14.10-6.5.1
ktimetracker-4.14.10-6.5.1
ktnef-4.14.10-6.5.1
libkdepim4-4.14.10-6.5.1
akonadi-4.14.10-6.5.1 as a component of openSUSE Leap 42.2
akregator-4.14.10-6.5.1 as a component of openSUSE Leap 42.2
kaddressbook-4.14.10-6.5.1 as a component of openSUSE Leap 42.2
kalarm-4.14.10-6.5.1 as a component of openSUSE Leap 42.2
kdepim-addons-16.08.2-2.3.1 as a component of openSUSE Leap 42.2
kdepim4-4.14.10-6.5.1 as a component of openSUSE Leap 42.2
kmail-4.14.10-6.5.1 as a component of openSUSE Leap 42.2
knode-4.14.10-6.5.1 as a component of openSUSE Leap 42.2
knotes-4.14.10-6.5.1 as a component of openSUSE Leap 42.2
kontact-4.14.10-6.5.1 as a component of openSUSE Leap 42.2
korganizer-4.14.10-6.5.1 as a component of openSUSE Leap 42.2
ktimetracker-4.14.10-6.5.1 as a component of openSUSE Leap 42.2
ktnef-4.14.10-6.5.1 as a component of openSUSE Leap 42.2
libkdepim4-4.14.10-6.5.1 as a component of openSUSE Leap 42.2
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2017-9604
openSUSE Leap 42.2:akonadi-4.14.10-6.5.1
openSUSE Leap 42.2:akregator-4.14.10-6.5.1
openSUSE Leap 42.2:kaddressbook-4.14.10-6.5.1
openSUSE Leap 42.2:kalarm-4.14.10-6.5.1
openSUSE Leap 42.2:kdepim-addons-16.08.2-2.3.1
openSUSE Leap 42.2:kdepim4-4.14.10-6.5.1
openSUSE Leap 42.2:kmail-4.14.10-6.5.1
openSUSE Leap 42.2:knode-4.14.10-6.5.1
openSUSE Leap 42.2:knotes-4.14.10-6.5.1
openSUSE Leap 42.2:kontact-4.14.10-6.5.1
openSUSE Leap 42.2:korganizer-4.14.10-6.5.1
openSUSE Leap 42.2:ktimetracker-4.14.10-6.5.1
openSUSE Leap 42.2:ktnef-4.14.10-6.5.1
openSUSE Leap 42.2:libkdepim4-4.14.10-6.5.1
moderate
4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Please install the update.
https://lists.opensuse.org/opensuse-updates/2017-07/msg00003.html
https://www.suse.com/security/cve/CVE-2017-9604.html
CVE-2017-9604
https://bugzilla.suse.com/1044210
SUSE Bug 1044210