SUSE Package Hub - openSUSE-2019-395

Update Info

openSUSE-2019-395

Security update for enigmail

Type: security

Severity: moderate

Issued: 2019-03-23

Description:

This update for enigmail to version 2.0.5 fixes the following issues:

Improvements on previous fixes on CVE-2017-17688, boo#1093151 and CVE-2017-17689, boo#1093152 (EFAIL):

- do not decrypt MIME parts unnecessarily 
- improve Error Message for Missing Message Modification Code

References

CVE: CVE-2017-17689
CVE: CVE-2017-17688
Bugzilla: 1093152 VUL-0: CVE-2017-17689: evolution,mutt,claws-mail,trojita,kmail: CBC gadget attacks allows to exfiltrate plaintext out of encrypted emails (EFAIL)
Bugzilla: 1093151 VUL-0: CVE-2017-17688: evolution,mutt,claws-mail,trojita,kmail: CFB gadget attacks allows to exfiltrate plaintext out of encrypted emails (EFAIL)

Packages

enigmail-2.0.5-12.1