Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Fedora 38: Critical Update FEDORA-2023-78b9c1521e Fixes Roundcube XSS

fedora
Calendar Grey October 25, 2023
Dist Fedora Esm H88
Upgrade Roundcube Webmail 1.6.4 on Fedora 37 with our detailed steps, ensuring a smooth transition while maintaining functionality and security.
**Version 1.6.4** - Fix PHP8 warnings (#9142, #9160) - Fix default 'mime.types' path on Windows (#9113) - Managesieve: Fix javascript error when relational or spamtest extension is...

Summary

RoundCube Webmail is a browser-based multilingual IMAP client

with an application-like user interface. It provides full

functionality you expect from an e-mail client, including MIME

support, address book, folder manipulation, message searching

and spell checking. RoundCube Webmail is written in PHP and

requires a database: MySQL, PostgreSQL and SQLite are known to

work. The user interface is fully skinnable using XHTML and

CSS 2.

Update Information:

**Version 1.6.4** - Fix PHP8 warnings (#9142, #9160) - Fix default 'mime.types' path on Windows (#9113) - Managesieve: Fix javascript error when relational or spamtest extension is not enabled (#9139) - Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (#9168)

Change Log

* Mon Oct 16 2023 Remi Collet - 1.6.4-1 - update to 1.6.4

References


[ 1 ] Bug #2244535 - roundcube: cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages https://bugzilla.redhat.com/show_bug.cgi?id=2244535

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-562e77957f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: roundcubemail
Product: Fedora 37
Version: 1.6.4
Release: 1.fc37
Summary: Round Cube Webmail is a browser-based multilingual IMAP client

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here