Security update for messagelib SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0227-1 Final 1 1 2021-02-02T09:11:56Z current 2021-02-02T09:11:56Z 2021-02-02T09:11:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for messagelib This update for messagelib fixes the following issues: - CVE-2019-10732: Prevented accidental disclosure of encrypted content when replying (boo#1131885). This update was imported from the openSUSE:Leap:15.1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-227 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YLC7UQIBHAGRFRPYNNT4MHJGHGZKGOLU/ E-Mail link for openSUSE-SU-2021:0227-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1131885 SUSE Bug 1131885 https://www.suse.com/security/cve/CVE-2019-10732/ SUSE CVE CVE-2019-10732 page SUSE Package Hub 15 SP1 messagelib-18.12.3-bp151.3.3.1 messagelib-devel-18.12.3-bp151.3.3.1 messagelib-lang-18.12.3-bp151.3.3.1 messagelib-18.12.3-bp151.3.3.1 as a component of SUSE Package Hub 15 SP1 messagelib-devel-18.12.3-bp151.3.3.1 as a component of SUSE Package Hub 15 SP1 messagelib-lang-18.12.3-bp151.3.3.1 as a component of SUSE Package Hub 15 SP1 In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. CVE-2019-10732 SUSE Package Hub 15 SP1:messagelib-18.12.3-bp151.3.3.1 SUSE Package Hub 15 SP1:messagelib-devel-18.12.3-bp151.3.3.1 SUSE Package Hub 15 SP1:messagelib-lang-18.12.3-bp151.3.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YLC7UQIBHAGRFRPYNNT4MHJGHGZKGOLU/ https://www.suse.com/security/cve/CVE-2019-10732.html CVE-2019-10732 https://bugzilla.suse.com/1131885 SUSE Bug 1131885