Debian DLA-1657-1 : debian-security-support enigmail end of life

high Nessus Plugin ID 121554

Language:

Synopsis

The remote Debian host is missing a security update.

Description

debian-security-support, the Debian security support coverage checker, has been updated in jessie.

This marks the end of life of the Enigmail package in jessie. After many months of work to try backporting the various changes and fixes required to ensure a secure Enigmail package compatible with the newest version of Thunderbird now shipped in jessie, it is the LTS team's opinion that the changes are too intrusive to ensure the stability of the distribution as a whole.

While Enigmail is still available on addons.mozilla.org, we do not recommend that package is used, as downloads and executes arbitrary binaries from the internet without the user's knowledge. It also doesn't respect's Debian commitment to free software, in that it is not buildable from source.

We instead recommend you upgrade workstations needing Enigmail to Debian stretch where proper updates are available.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected debian-security-support package.

Plugin Details

Severity: High

ID: 121554

File Name: debian_DLA-1657.nasl

Version: 1.3

Type: local

Agent: unix

Family: Debian Local Security Checks

Published: 2/4/2019

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:debian-security-support, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 2/1/2019

Vulnerability Publication Date: 2/1/2019

Detections

Analytics