10 matches found
openSUSE Security Update : enigmail (openSUSE-2019-395) (EFAIL)
This update for enigmail to version 2.0.5 fixes the following issues : Improvements on previous fixes on CVE-2017-17688, boo1093151 and CVE-2017-17689, boo1093152 EFAIL : - do not decrypt MIME parts unnecessarily - improve Error Message for Missing Message Modification Code %NASLMINLEVEL 70300 C...
openSUSE Security Update : enigmail (openSUSE-2019-368) (EFAIL)
This update for enigmail fixes multiple issues. Security issues fixed : - CVE-2017-17688: CFB gadget attacks allowed to exfiltrate plaintext out of encrypted emails. enigmail now fails on GnuPG integrity check warnings for old Algorithms bsc1093151 - CVE-2017-17689: CBC gadget attacks allows to...
openSUSE: Security Advisory for enigmail (openSUSE-SU-2018:1347-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 27 : thunderbird-enigmail (2018-25525a9346) (EFAIL)
Enigmail update to version 2.0.4, introduces fixes for the efail attack. Please check and modify your Thunderbird settings if required: https://enigmail.net/index.php/en/home/news/66-2018-05-16-efail-vulner ability-affects-encrypted-mails Note that Tenable Network Security has extracted the...
Fedora 26 : thunderbird-enigmail (2018-6020628437) (EFAIL)
Enigmail update to version 2.0.4, introduces fixes for the efail attack. Please check and modify your Thunderbird settings if required: https://enigmail.net/index.php/en/home/news/66-2018-05-16-efail-vulner ability-affects-encrypted-mails Note that Tenable Network Security has extracted the...
openSUSE Security Update : enigmail (openSUSE-2018-495) (EFAIL)
This update for enigmail to version 2.0.5 fixes the following issues : Improvements on previous fixes on CVE-2017-17688, boo1093151 and CVE-2017-17689, boo1093152 EFAIL : - do not decrypt MIME parts unnecessarily - improve Error Message for Missing Message Modification Code %NASLMINLEVEL 70300 C...
openSUSE Security Update : enigmail (openSUSE-2018-474) (EFAIL)
This update for enigmail fixes multiple issues. Security issues fixed : - CVE-2017-17688: CFB gadget attacks allowed to exfiltrate plaintext out of encrypted emails. enigmail now fails on GnuPG integrity check warnings for old Algorithms bsc1093151 - CVE-2017-17689: CBC gadget attacks allows to...
openSUSE Security Update : enigmail (openSUSE-2018-470) (EFAIL)
This update for enigmail to version 2.0.4 fixes multiple issues. Security issues fixed : - CVE-2017-17688: CFB gadget attacks allowed to exfiltrate plaintext out of encrypted emails. enigmail now fails on GnuPG integrity check warnings for old Algorithms bsc1093151 - CVE-2017-17689: CBC gadget...
CVE-2017-17688
The OpenPGP specification allows a Cipher Feedback Mode CFB malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code MDC feature or accept an obsolete...
CVE-2017-17688
CVE-2017-17688 concerns an OpenPGP CFB gadget/malleability attack (EFAIL) that can lead to plaintext exfiltration from encrypted emails. Connected advisories show Enigmail/OpenPGP patches (e.g., openSUSE SUSE/OpenSUSE-2019-368/395; Thunderbird enigmail updates) addressing this vulnerability by ti...