Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : kdepim vulnerability (USN-725-1)

Ubuntu Security Notice (C) 2009-2013 Canonical, Inc. / NASL script (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

It was discovered that Kmail did not adequately prevent execution of
arbitrary code when a user clicked on a URL to an executable within an
HTML mail. If a user clicked on a malicious URL and chose to execute
the file, a remote attacker could execute arbitrary code with user
privileges. This update changes KMail's behavior to instead launch a
helper program to view the file if the user chooses to execute such a
link.

Solution :

Update the affected packages.

Risk factor :

High

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 37810 ()

Bugtraq ID:

CVE ID: