Bug 10939

Summary: Updated libetpan packages fix a security vulnerability (CVE-2020-15953)
Product: [ROSA-based products] ROSA Fresh Reporter: Zombie Ryushu <zombie.ryushu>
Component: Contributed PackagesAssignee: ROSA Linux Bugs <bugs>
Status: CONFIRMED --- QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: alzim, andrey.bondrov, denis.silakov, mc2374
Version: KDE4   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://advisories.mageia.org/MGASA-2020-0366.html
Whiteboard:
Platform: 2016.1 ROSA Vulnerability identifier: CVE-2020-15953
RPM Package: libetpan-1.9.3-1.1.mga7 ISO-related:
Bad POT generating: Upstream:

Description Zombie Ryushu 2020-11-20 01:46:04 MSK 
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other
products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3.
When a server sends a "begin TLS" response, the client reads additional data
(e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS
context, aka "response injection". (CVE-2020-15953).