--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-b4896f20b3
2016-12-13 17:09:03.159312
--------------------------------------------------------------------------------

Name        : roundcubemail
Product     : Fedora 23
Version     : 1.2.3
Release     : 1.fc23
URL         : https://roundcube.net/
Summary     : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

--------------------------------------------------------------------------------
Update Information:

**Version 1.2.3**  - Searching in both contacts and groups when LDAP addressbook
with group_filters option is used - Fix vulnerability in handling of mail()'s
5th argument - Fix To: header encoding in mail sent with mail() method (#5475) -
Fix flickering of header topline in min-mode (#5426) - Fix bug where folderslist would scroll to top when clicking on subscription checkbox (#5447) - Fix
decoding of GB2312/GBK text when iconv is not installed (#5448) - Fix regression
where creation of default folders wasn't functioning without prefix (#5460) -
Enigma: Fix bug where last records on keys list were hidden (#5461) - Enigma:
Fix key search with keyword containing non-ascii characters (#5459) - Fix bug
where deleting folders with subfolders could fail in some cases (#5466) - Fix
bug where IMAP password could be exposed via error message (#5472) - Fix bug
where it wasn't possible to store more that 2MB objects in memcache/apc,   Added
memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452) - Fix
"Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508) - Fix
storing "empty" values in rcube_cache/rcube_cache_shared (#5519) - Fix missing
content check when image resize fails on attachment thumbnail generation (#5485)
- Fix displaying attached images with wrong Content-Type specified (#5527)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1403177 - CVE-2016-9920 roundcubemail: Code execution via mail()
        https://bugzilla.redhat.com/show_bug.cgi?id=1403177
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade roundcubemail' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora 23: roundcubemail Security Update 2016-b4896f20b3

December 14, 2016
**Version 1.2.3** - Searching in both contacts and groups when LDAP addressbook with group_filters option is used - Fix vulnerability in handling of mail()'s 5th argument - Fix To:...

Summary

RoundCube Webmail is a browser-based multilingual IMAP client

with an application-like user interface. It provides full

functionality you expect from an e-mail client, including MIME

support, address book, folder manipulation, message searching

and spell checking. RoundCube Webmail is written in PHP and

requires a database: MySQL, PostgreSQL and SQLite are known to

work. The user interface is fully skinnable using XHTML and

CSS 2.

Update Information:

**Version 1.2.3** - Searching in both contacts and groups when LDAP addressbook with group_filters option is used - Fix vulnerability in handling of mail()'s 5th argument - Fix To: header encoding in mail sent with mail() method (#5475) - Fix flickering of header topline in min-mode (#5426) - Fix bug where folderslist would scroll to top when clicking on subscription checkbox (#5447) - Fix decoding of GB2312/GBK text when iconv is not installed (#5448) - Fix regression where creation of default folders wasn't functioning without prefix (#5460) - Enigma: Fix bug where last records on keys list were hidden (#5461) - Enigma: Fix key search with keyword containing non-ascii characters (#5459) - Fix bug where deleting folders with subfolders could fail in some cases (#5466) - Fix bug where IMAP password could be exposed via error message (#5472) - Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc, Added memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452) - Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508) - Fix storing "empty" values in rcube_cache/rcube_cache_shared (#5519) - Fix missing content check when image resize fails on attachment thumbnail generation (#5485) - Fix displaying attached images with wrong Content-Type specified (#5527)

Change Log

References

[ 1 ] Bug #1403177 - CVE-2016-9920 roundcubemail: Code execution via mail() https://bugzilla.redhat.com/show_bug.cgi?id=1403177

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade roundcubemail' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
Name : roundcubemail
Product : Fedora 23
Version : 1.2.3
Release : 1.fc23
URL : https://roundcube.net/
Summary : Round Cube Webmail is a browser-based multilingual IMAP client

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved