Enigmail update to version 2.0.4, introduces fixes for the efail attack. Please check and modify your Thunderbird settings if required: https://enigmail.net/index.php/en/home/news/66-2018-05-16-efail-vulnerability-affects-encrypted-mails

How to install

sudo dnf upgrade --advisory=FEDORA-2018-77fe2e20ad

This update has been submitted for testing by lupinix.

3 years ago
User Icon augenauf commented & provided feedback 3 years ago
karma

2018-05-16 Efail Vulnerability Affects Encrypted Mails

Recently, a severe vulnerability called "Efail" was detected that affects Thunderbird with S/MIME and Enigmail. The vulnerability is such that you could reveal decrypted message data to a malicious third party by just reading an email, without noticing it.

We have implemented several fixes to avoid this from happening. However, Thunderbird is still vulnerable today. We therefore recommend that you:

update to Enigmail 2.0.4 as soon as possible.

view messages as "Simple HTML". This will block sending anything unintentionally to an external server. To switch to the "Simple HTML" view, go to menu View > Message Body As > Simple HTML

This update has been pushed to testing.

3 years ago
User Icon imabug provided feedback 3 years ago
karma
User Icon robbinespu commented & provided feedback 3 years ago
karma

LGTM

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
security
Severity
urgent
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1577912 CVE-2017-17688 CVE-2017-17689 thunderbird-enigmail: various flaws [fedora-all]
0
0

Automated Test Results