UBUNTU-CVE-2017-17848

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2017-17848

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17848.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2017-17848

Related

CVE-2017-17848

Published

2017-12-27T17:08:00Z

Modified

2025-01-13T10:21:30Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text.

References

Affected packages

Ubuntu:14.04:LTS / enigmail

Package

Name: enigmail
Purl: pkg:deb/ubuntu/enigmail@2:1.9.9-0ubuntu0.14.04.1?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:1.9.9-0ubuntu0.14.04.1

Affected versions

2:1.*

2:1.5.2-0ubuntu1

2:1.7-0ubuntu0.14.04.1

2:1.7.2-0ubuntu0.14.04.1

2:1.8.2-0ubuntu0.14.04.1

2:1.9.7-0ubuntu0.14.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "binary_version": "2:1.9.9-0ubuntu0.14.04.1",
            "binary_name": "enigmail"
        }
    ]
}

Ubuntu:16.04:LTS / enigmail

Package

Name: enigmail
Purl: pkg:deb/ubuntu/enigmail@2:1.9.9-0ubuntu0.16.04.1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:1.9.9-0ubuntu0.16.04.1

Affected versions

2:1.*

2:1.8.2-0ubuntu1

2:1.8.2-4fakesync1

2:1.9.1-1

2:1.9.7-1~ubuntu0.16.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "binary_version": "2:1.9.9-0ubuntu0.16.04.1",
            "binary_name": "enigmail"
        }
    ]
}