openSUSE Security Update : enigmail (openSUSE-2018-630)
Medium Nessus Plugin ID 110586
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures :
- CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs (boo#1097525)
- CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode (boo#1096745) This mitigation prevents CVE-2018-12020 from being exploited even if GnuPG is not patched.
SolutionUpdate the affected enigmail package.