Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 38: 2023-0fd9865145 Moderate: Roundcubemail XSS Issue Fix

fedora
Calendar Grey November 15, 2023
Dist Fedora Esm H88
Fedora's roundcubemail 1.6.5 addresses XSS flaws and corrects PHP issues in the latest IMAP client software releases.
**Release 1.6.5** - Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171) - Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital ...

Summary

RoundCube Webmail is a browser-based multilingual IMAP client

with an application-like user interface. It provides full

functionality you expect from an e-mail client, including MIME

support, address book, folder manipulation, message searching

and spell checking. RoundCube Webmail is written in PHP and

requires a database: MySQL, PostgreSQL and SQLite are known to

work. The user interface is fully skinnable using XHTML and

CSS 2.

Update Information:

**Release 1.6.5** - Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171) - Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166) - Fix PHP warnings (#9174) - Fix UI issue when dealing with an invalid managesieve_default_headers value (#9175) - Fix bug where images attached to application/smil messages weren't displayed (#8870) - Fix PHP string replacement error in utils/error.php (#9185) - Fix regression where `smtp_user` did not allow pre/post strings before/after `%u` placeholder (#9162) - Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download

Topics%20covered

Topics Covered

security advisory fedora software update webmail xss php fix roundcubemail

Change Log

* Mon Nov 6 2023 Remi Collet - 1.6.5-1 - update to 1.6.5

References


[ 1 ] Bug #2248088 - CVE-2023-47272 roundcubemail: allows XSS via a Content-Type or Content-Disposition header https://bugzilla.redhat.com/show_bug.cgi?id=2248088

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-0fd9865145' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: roundcubemail
Product: Fedora 38
Version: 1.6.5
Release: 1.fc38
URL: https://roundcube.net/
Summary: Round Cube Webmail is a browser-based multilingual IMAP client

Topics%20covered

Topics Covered

security advisory fedora software update webmail xss php fix roundcubemail

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here