{"id":"USN-7731-1","summary":"kmail vulnerabilities","details":"Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising,\nSebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg\nSchwenk discovered that KMail could be made to leak the plaintext\nof S/MIME encrypted emails when retrieving external content in emails.\nUnder certain configurations, if a user were tricked into opening a\nspecially crafted email, an attacker could possibly use this issue to\nobtain the plaintext of an encrypted email. This update mitigates the\nissue by preventing KMail from automatically loading external content.\nThis issue only affected Ubuntu 18.04 LTS. (CVE-2017-17689)\n\nIt was discovered that KMail could be made to attach files to an email\nwithout the user's knowledge. If a user were tricked into sending an\nemail created by a specially crafted \"mailto\" link, an attacker could\npossibly use this issue to obtain sensitive files. (CVE-2020-11880)","modified":"2026-02-10T04:49:48Z","published":"2025-09-02T19:13:09Z","related":["UBUNTU-CVE-2017-17689","UBUNTU-CVE-2020-11880"],"upstream":["CVE-2017-17689","CVE-2020-11880","UBUNTU-CVE-2017-17689","UBUNTU-CVE-2020-11880"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7731-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-17689"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-11880"}],"affected":[{"package":{"name":"kmail","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/kmail@4:17.12.3-0ubuntu1+esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:17.12.3-0ubuntu1+esm1"}]}],"versions":["4:17.04.3-0ubuntu1","4:17.08.3-0ubuntu1","4:17.08.3-0ubuntu2","4:17.12.2-0ubuntu1","4:17.12.3-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"kmail","binary_version":"4:17.12.3-0ubuntu1+esm1"},{"binary_name":"ktnef","binary_version":"4:17.12.3-0ubuntu1+esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7731-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"id":"CVE-2017-17689","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-11880","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"kmail","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/kmail@4:19.12.3-0ubuntu1+esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:19.12.3-0ubuntu1+esm1"}]}],"versions":["4:19.04.3-0ubuntu2","4:19.04.3-0ubuntu3","4:19.12.3-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"kmail","binary_version":"4:19.12.3-0ubuntu1+esm1"},{"binary_name":"ktnef","binary_version":"4:19.12.3-0ubuntu1+esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7731-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"id":"CVE-2020-11880","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.3"}