Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 40: 2024-2e908e829a Critical: Roundcubemail XSS Issues

fedora
Calendar Grey August 15, 2024
Dist Fedora Esm H88
The latest Roundcube Mail release introduces multiple patches that address critical vulnerabilities, notably XSS flaws, bolstering defenses on Fedora 40.
Version 1.6.8 Managesieve: Protect special scripts in managesieve_kolab_master mode Fix newmail_notifier notification focus in Chrome (#9467) Fix fatal error when parsing some TNEF...

Summary

RoundCube Webmail is a browser-based multilingual IMAP client

with an application-like user interface. It provides full

functionality you expect from an e-mail client, including MIME

support, address book, folder manipulation, message searching

and spell checking. RoundCube Webmail is written in PHP and

requires a database: MySQL, PostgreSQL and SQLite are known to

work. The user interface is fully skinnable using XHTML and

CSS 2.

Update Information:

Version 1.6.8 Managesieve: Protect special scripts in managesieve_kolab_master mode Fix newmail_notifier notification focus in Chrome (#9467) Fix fatal error when parsing some TNEF attachments (#9462) Fix double scrollbar when composing a mail with many plain text lines (#7760) Fix decoding mail parts with multiple base64-encoded text blocks (#9290) Fix bug where some messages could get malformed in an import from a MBOX file (#9510) Fix invalid line break characters in multi-line text in Sieve scripts (#9543) Fix bug where "with attachment" filter could fail on some fts engines (#9514) Fix bug where an unhandled exception was caused by an invalid image attachment (#9475) Fix bug where a long subject title could not be displayed in some cases (#9416) Fix infinite loop when parsing malformed Sieve script (#9562) Fix bug where imap_conn_option's 'socket' was ignored (#9566) Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009 Fix XSS vulne...

Topics%20covered

Topics Covered

security advisory critical issue fedora notification email client roundcubemail xss fix

Change Log

* Mon Aug 5 2024 Remi Collet - 1.6.8-1 - update to 1.6.8

References


[ 1 ] Bug #2303071 - CVE-2024-42008 roundcubemail: A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2303071 [ 2 ] Bug #2303076 - CVE-2024-42009 roundcubemail: A Cross-Site Scripting vulnerability in Roundcube [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2303076 [ 3 ] Bug #2303096 - CVE-2024-42010 roundcubemail: information leak due to insufficient CSS filtering [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2303096

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-2e908e829a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: roundcubemail
Product: Fedora 40
Version: 1.6.8
Release: 1.fc40
URL: https://roundcube.net/
Summary: Round Cube Webmail is a browser-based multilingual IMAP client

Topics%20covered

Topics Covered

security advisory critical issue fedora notification email client roundcubemail xss fix

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here