FEDORA-2018-77fe2e20ad — security update for thunderbird-enigmail

stable

thunderbird-enigmail-2.0.4-1.fc28

FEDORA-2018-77fe2e20ad created by lupinix 6 years ago for Fedora 28

Enigmail update to version 2.0.4, introduces fixes for the efail attack. Please check and modify your Thunderbird settings if required: https://enigmail.net/index.php/en/home/news/66-2018-05-16-efail-vulnerability-affects-encrypted-mails

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-77fe2e20ad

This update has been submitted for testing by lupinix.

6 years ago

augenauf commented & provided feedback 6 years ago

karma

2018-05-16 Efail Vulnerability Affects Encrypted Mails

Recently, a severe vulnerability called "Efail" was detected that affects Thunderbird with S/MIME and Enigmail. The vulnerability is such that you could reveal decrypted message data to a malicious third party by just reading an email, without noticing it.

We have implemented several fixes to avoid this from happening. However, Thunderbird is still vulnerable today. We therefore recommend that you:

update to Enigmail 2.0.4 as soon as possible.

view messages as "Simple HTML". This will block sending anything unintentionally to an external server. To switch to the "Simple HTML" view, go to menu View > Message Body As > Simple HTML

augenauf commented 6 years ago

while package is pending, get it from here: https://koji.fedoraproject.org/koji/packageinfo?packageID=14882

This update has been pushed to testing.

6 years ago