[USN-7732-1] KMail Account Wizard vulnerability
noreply+usn-bot at canonical.com
noreply+usn-bot at canonical.com
Wed Sep 3 14:28:56 UTC 2025
==========================================================================
Ubuntu Security Notice USN-7732-1
September 02, 2025
kmail-account-wizard vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
KMail Account Wizard uses an insecure protocol.
Software Description:
- kmail-account-wizard: Wizard for KDE PIM applications account setup
Details:
It was discovered that KMail Account Wizard used HTTP rather than HTTPS
when retrieving certain email server configurations. An attacker could
possibly use this issue to cause email clients to use an
attacker-controlled email server.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
accountwizard 4:23.08.5-0ubuntu3+esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
accountwizard 4:21.12.3-0ubuntu1+esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
accountwizard 4:19.12.3-0ubuntu1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
accountwizard 4:17.12.3-0ubuntu1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7732-1
CVE-2024-50624
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250903/39224936/attachment.sig>
More information about the ubuntu-security-announce
mailing list