Home / mailings [USN-7731-1] KMail vulnerabilities
Posted on 03 September 2025
Ubuntu Security==========================================================================Ubuntu Security Notice USN-7731-1
September 02, 2025
kmail vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in KMail.
Software Description:
- kmail: Full featured graphical email client
Details:
Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising,
Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg
Schwenk discovered that KMail could be made to leak the plaintext
of S/MIME encrypted emails when retrieving external content in emails.
Under certain configurations, if a user were tricked into opening a
specially crafted email, an attacker could possibly use this issue to
obtain the plaintext of an encrypted email. This update mitigates the
issue by preventing KMail from automatically loading external content.
This issue only affected Ubuntu 18.04 LTS. (CVE-2017-17689)
It was discovered that KMail could be made to attach files to an email
without the user's knowledge. If a user were tricked into sending an
email created by a specially crafted "mailto" link, an attacker could
possibly use this issue to obtain sensitive files. (CVE-2020-11880)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
kmail 4:19.12.3-0ubuntu1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
kmail 4:17.12.3-0ubuntu1+esm1
Available with Ubuntu Pro
After a standard system update you need to restart KMail to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7731-1
CVE-2017-17689, CVE-2020-11880
--===============6449668701104049306==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
