Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 40: 2024-680b8ba54e Moderate: Roundcubemail XSS Issues

fedora
Calendar Grey May 31, 2024
Dist Fedora Esm H88
Roundcube's recent update tackles a variety of security vulnerabilities. Discover the newest updates and patches in Fedora 40 addressing potential security risks.
Release 1.6.7 Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313) Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312) Fix bug ...

Summary

RoundCube Webmail is a browser-based multilingual IMAP client

with an application-like user interface. It provides full

functionality you expect from an e-mail client, including MIME

support, address book, folder manipulation, message searching

and spell checking. RoundCube Webmail is written in PHP and

requires a database: MySQL, PostgreSQL and SQLite are known to

work. The user interface is fully skinnable using XHTML and

CSS 2.

Update Information:

Release 1.6.7 Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313) Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312) Fix bug in collapsing/expanding folders with some special characters in names (#9324) Fix PHP8 warnings (#9363, #9365, #9429) Fix missing field labels in CSV import, for some locales (#9393) Fix command injection via crafted im_convert_path/im_identify_path on Windows Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes

Topics%20covered

Topics Covered

security advisory moderate fedora update php xss roundcubemail

Change Log

* Mon May 20 2024 Remi Collet - 1.6.7-1 - update to 1.6.7

References


[ 1 ] Bug #2281597 - roundcubemail: fix for several security vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=2281597

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-680b8ba54e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: roundcubemail
Product: Fedora 40
Version: 1.6.7
Release: 1.fc40
URL: https://roundcube.net/
Summary: Round Cube Webmail is a browser-based multilingual IMAP client

Topics%20covered

Topics Covered

security advisory moderate fedora update php xss roundcubemail

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here