Public bug reported: Overview ========
The POP3 kioslave used by kmail will accept invalid certificates without presenting a dialog to the user due a bug that leads to an inability to display the dialog combined with an error in the way the result is checked. Impact ====== This flaw allows an active attacker to perform MITM attacks against the ioslave which could result in the leakage of sensitive data such as the authentication details and the contents of emails. Workaround ========== None Solution ======== Upgrade to version 4.13.3 or apply the patch at http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f ** Affects: kde4libs (Ubuntu) Importance: Undecided Status: New ** Affects: kde4libs (Ubuntu Precise) Importance: Undecided Status: New ** Affects: kde4libs (Ubuntu Saucy) Importance: Undecided Status: New ** Affects: kde4libs (Ubuntu Trusty) Importance: Undecided Status: New ** Affects: kde4libs (Ubuntu Utopic) Importance: Undecided Status: New ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-3494 ** Also affects: kde4libs (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: kde4libs (Ubuntu Utopic) Importance: Undecided Status: New ** Also affects: kde4libs (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: kde4libs (Ubuntu Saucy) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1332064 Title: [CVE-2014-3494] KMail/KIO POP3 SSL MITM Flaw To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kde4libs/+bug/1332064/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
