Jump to:

CVE-2020-24661

Jump to:

CVE-2020-24661

Package geary updated to version 3.36.3.1-alt1 for branch sisyphus in task 256864.

Published: 2020-08-26
Modified: 2024-11-21

CVE-2020-24661

GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

https://gitlab.gnome.org/GNOME/geary/-/issues/866
https://gitlab.gnome.org/GNOME/geary/-/issues/866
FEDORA-2020-95f2c5cc25
FEDORA-2020-95f2c5cc25
FEDORA-2020-d445fb484a
FEDORA-2020-d445fb484a
20200902 Cisco Jabber for Windows Information Disclosure Vulnerability
20200902 Cisco Jabber for Windows Information Disclosure Vulnerability

Version: 2.1.0

Package geary update in sisyphus on 2020-08-27

ALT-PU-2020-2692-1

Closed vulnerabilities

CVE-2020-24661