Security update for kmail-account-wizard SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:0353-1 Final 1 1 2024-11-06T19:01:29Z current 2024-11-06T19:01:29Z 2024-11-06T19:01:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kmail-account-wizard This update for kmail-account-wizard fixes the following issues: - CVE-2024-50624: Fixed that plaintext HTTP was used for URLs when retrieving configuration files (boo#1232454, kde#487882) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2024-353 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RTPM7QBPNV2IRHCZU54SHNI4ODHT6PO4/ E-Mail link for openSUSE-SU-2024:0353-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1232454 SUSE Bug 1232454 https://www.suse.com/security/cve/CVE-2024-50624/ SUSE CVE CVE-2024-50624 page SUSE Package Hub 15 SP5 SUSE Package Hub 15 SP6 openSUSE Leap 15.5 openSUSE Leap 15.6 kmail-account-wizard-23.08.5-bp156.2.3.1 kmail-account-wizard-lang-23.08.5-bp156.2.3.1 kmail-account-wizard-23.08.5-bp156.2.3.1 as a component of SUSE Package Hub 15 SP5 kmail-account-wizard-lang-23.08.5-bp156.2.3.1 as a component of SUSE Package Hub 15 SP5 kmail-account-wizard-23.08.5-bp156.2.3.1 as a component of SUSE Package Hub 15 SP6 kmail-account-wizard-lang-23.08.5-bp156.2.3.1 as a component of SUSE Package Hub 15 SP6 kmail-account-wizard-23.08.5-bp156.2.3.1 as a component of openSUSE Leap 15.5 kmail-account-wizard-lang-23.08.5-bp156.2.3.1 as a component of openSUSE Leap 15.5 kmail-account-wizard-23.08.5-bp156.2.3.1 as a component of openSUSE Leap 15.6 kmail-account-wizard-lang-23.08.5-bp156.2.3.1 as a component of openSUSE Leap 15.6 ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard. CVE-2024-50624 SUSE Package Hub 15 SP5:kmail-account-wizard-23.08.5-bp156.2.3.1 SUSE Package Hub 15 SP5:kmail-account-wizard-lang-23.08.5-bp156.2.3.1 SUSE Package Hub 15 SP6:kmail-account-wizard-23.08.5-bp156.2.3.1 SUSE Package Hub 15 SP6:kmail-account-wizard-lang-23.08.5-bp156.2.3.1 openSUSE Leap 15.5:kmail-account-wizard-23.08.5-bp156.2.3.1 openSUSE Leap 15.5:kmail-account-wizard-lang-23.08.5-bp156.2.3.1 openSUSE Leap 15.6:kmail-account-wizard-23.08.5-bp156.2.3.1 openSUSE Leap 15.6:kmail-account-wizard-lang-23.08.5-bp156.2.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RTPM7QBPNV2IRHCZU54SHNI4ODHT6PO4/ https://www.suse.com/security/cve/CVE-2024-50624.html CVE-2024-50624 https://bugzilla.suse.com/1232454 SUSE Bug 1232454