Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora: Roundcube 1.1.2 Moderate: Fixed XSS Security Issues

fedora
Calendar Grey July 29, 2015
Dist Fedora Esm H88
Roundcube Webmail has released a security patch addressing significant concerns such as cross-site scripting vulnerabilities and unauthorized directory access.
**Release 1.1.2** * Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#1490358) * Add option to place signature at bottom of the quoted text ev...

Summary

RoundCube Webmail is a browser-based multilingual IMAP client

with an application-like user interface. It provides full

functionality you expect from an e-mail client, including MIME

support, address book, folder manipulation, message searching

and spell checking. RoundCube Webmail is written in PHP and

requires a database: MySQL, PostgreSQL and SQLite are known to

work. The user interface is fully skinnable using XHTML and

CSS 2.

Update Information:

**Release 1.1.2** * Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#1490358) * Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below] * Fix handling of %-encoded entities in mailto: URLs (#1490346) * Fix zipped messages downloads after selecting all messages in a folder (#1490339) * Fix vpopmaild driver of password plugin * Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343) * Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337) * Fix message list header in classic skin on window resize in Internet Explorer (#1490213) * Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325) * Fix lack of signature separator for plain text signatures in html mode (#1490352) * Fix font artifact in Google Chrome on Windows (#1490353) * Fix bug where forced extwin pa...

Topics%20covered

Topics Covered

security advisory update Fedora XSS webmail Roundcube

Change Log

* Wed Jul 8 2015 Remi Collet - 1.1.2-1 - update to 1.1.2 for CVE-2015-5381 CVE-2015-5382 CVE-2015-5383 * Thu Jun 18 2015 Fedora Release Engineering - 1.1.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Wed Mar 25 2015 Robert Scheck - 1.1.1-2 - switch run-time requirement from php-mcrypt to php-openssl * Fri Mar 20 2015 Remi Collet - 1.1.1-1 - update to 1.1.1 * Wed Mar 4 2015 Remi Collet - 1.1.0-2 - add optional dependencies for LDAP management on Net_LDAP2 and Net_LDAP3 * Mon Feb 16 2015 Remi Collet - 1.1.0-1 - update to 1.1.0 - provide Nginx configuration (Fedora >= 21) - use %license * Thu Feb 5 2015 Jon Ciesla - 1.0.5-1 - Fix for security issues. * Sat Dec 20 2014 Adam Williamson - 1.0.4-2 - drop tinymce bbcode plugin for safety (CVE-2012-4230) * Sat Dec 20 2014 Adam Williamson - 1.0.4-1 - new release 1.0.4 (security update)

References


[ 1 ] Bug #1241056 - CVE-2015-5381 CVE-2015-5382 CVE-2015-5383 roundcubemail: vulnerabilities fixed in 1.1.2 and 1.0.6 https://bugzilla.redhat.com/show_bug.cgi?id=1241056

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update roundcubemail' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: roundcubemail
Product: Fedora 21
Version: 1.1.2
Release: 1.fc21
URL: https://roundcube.net/
Summary: Round Cube Webmail is a browser-based multilingual IMAP client

Topics%20covered

Topics Covered

security advisory update Fedora XSS webmail Roundcube

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here