Security update for kdepim4 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1749-1 Final 1 1 2017-07-02T08:59:31Z current 2017-07-02T08:59:31Z 2017-07-02T08:59:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kdepim4 This update for kdepim4 fixes the following issues: - CVE-2017-9604: The kmail 'send later' function does not have 'sign/encryption' action ensured. (boo#1044210) The package kdepim-addons was updated to conflict with 4.x based akonadi package to prevent file conflicts. (boo#1045936) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-07/msg00003.html E-Mail link for openSUSE-SU-2017:1749-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 akonadi-4.14.10-6.5.1 akregator-4.14.10-6.5.1 kaddressbook-4.14.10-6.5.1 kalarm-4.14.10-6.5.1 kdepim-addons-16.08.2-2.3.1 kdepim4-4.14.10-6.5.1 kmail-4.14.10-6.5.1 knode-4.14.10-6.5.1 knotes-4.14.10-6.5.1 kontact-4.14.10-6.5.1 korganizer-4.14.10-6.5.1 ktimetracker-4.14.10-6.5.1 ktnef-4.14.10-6.5.1 libkdepim4-4.14.10-6.5.1 akonadi-4.14.10-6.5.1 as a component of openSUSE Leap 42.2 akregator-4.14.10-6.5.1 as a component of openSUSE Leap 42.2 kaddressbook-4.14.10-6.5.1 as a component of openSUSE Leap 42.2 kalarm-4.14.10-6.5.1 as a component of openSUSE Leap 42.2 kdepim-addons-16.08.2-2.3.1 as a component of openSUSE Leap 42.2 kdepim4-4.14.10-6.5.1 as a component of openSUSE Leap 42.2 kmail-4.14.10-6.5.1 as a component of openSUSE Leap 42.2 knode-4.14.10-6.5.1 as a component of openSUSE Leap 42.2 knotes-4.14.10-6.5.1 as a component of openSUSE Leap 42.2 kontact-4.14.10-6.5.1 as a component of openSUSE Leap 42.2 korganizer-4.14.10-6.5.1 as a component of openSUSE Leap 42.2 ktimetracker-4.14.10-6.5.1 as a component of openSUSE Leap 42.2 ktnef-4.14.10-6.5.1 as a component of openSUSE Leap 42.2 libkdepim4-4.14.10-6.5.1 as a component of openSUSE Leap 42.2 KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. CVE-2017-9604 openSUSE Leap 42.2:akonadi-4.14.10-6.5.1 openSUSE Leap 42.2:akregator-4.14.10-6.5.1 openSUSE Leap 42.2:kaddressbook-4.14.10-6.5.1 openSUSE Leap 42.2:kalarm-4.14.10-6.5.1 openSUSE Leap 42.2:kdepim-addons-16.08.2-2.3.1 openSUSE Leap 42.2:kdepim4-4.14.10-6.5.1 openSUSE Leap 42.2:kmail-4.14.10-6.5.1 openSUSE Leap 42.2:knode-4.14.10-6.5.1 openSUSE Leap 42.2:knotes-4.14.10-6.5.1 openSUSE Leap 42.2:kontact-4.14.10-6.5.1 openSUSE Leap 42.2:korganizer-4.14.10-6.5.1 openSUSE Leap 42.2:ktimetracker-4.14.10-6.5.1 openSUSE Leap 42.2:ktnef-4.14.10-6.5.1 openSUSE Leap 42.2:libkdepim4-4.14.10-6.5.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00003.html https://www.suse.com/security/cve/CVE-2017-9604.html CVE-2017-9604 https://bugzilla.suse.com/1044210 SUSE Bug 1044210