openSUSE Security Update: Security update for kdepim4 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1749-1 Rating: moderate References: #1044210 #1045936 Cross-References: CVE-2017-9604 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for kdepim4 fixes the following issues: - CVE-2017-9604: The kmail "send later" function does not have "sign/encryption" action ensured. (boo#1044210) The package kdepim-addons was updated to conflict with 4.x based akonadi package to prevent file conflicts. (boo#1045936) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-755=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (x86_64): akonadi-4.14.10-6.5.1 akonadi-debuginfo-4.14.10-6.5.1 akregator-4.14.10-6.5.1 akregator-debuginfo-4.14.10-6.5.1 kaddressbook-4.14.10-6.5.1 kaddressbook-debuginfo-4.14.10-6.5.1 kalarm-4.14.10-6.5.1 kalarm-debuginfo-4.14.10-6.5.1 kdepim-addons-16.08.2-2.3.1 kdepim-addons-debuginfo-16.08.2-2.3.1 kdepim-addons-debugsource-16.08.2-2.3.1 kdepim4-4.14.10-6.5.1 kdepim4-debuginfo-4.14.10-6.5.1 kdepim4-debugsource-4.14.10-6.5.1 kmail-4.14.10-6.5.1 kmail-debuginfo-4.14.10-6.5.1 knode-4.14.10-6.5.1 knode-debuginfo-4.14.10-6.5.1 knotes-4.14.10-6.5.1 knotes-debuginfo-4.14.10-6.5.1 kontact-4.14.10-6.5.1 kontact-debuginfo-4.14.10-6.5.1 korganizer-4.14.10-6.5.1 korganizer-debuginfo-4.14.10-6.5.1 ktimetracker-4.14.10-6.5.1 ktimetracker-debuginfo-4.14.10-6.5.1 ktnef-4.14.10-6.5.1 ktnef-debuginfo-4.14.10-6.5.1 libkdepim4-4.14.10-6.5.1 libkdepim4-debuginfo-4.14.10-6.5.1 References: https://www.suse.com/security/cve/CVE-2017-9604.html https://bugzilla.suse.com/1044210 https://bugzilla.suse.com/1045936