
Fedora 42: roundcubemail Important XSS Fix with Advisory ID 2025-fec36f9eaf

December 25, 2025
Critical Roundcube updates for Fedora 42 fix XSS and info disclosure flaws, enhancing security measures.

Summary

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2.

Update Information:

Release 1.6.12

- Support IPv6 in database DSN (#9937)
- Don't force specific error_reporting setting
- Fix compatibility with PHP 8.5 regarding array_first()
- Remove X-XSS-Protection example from .htaccess file (#9875)
- Fix "Assign to group" action state after creation of a first group (#9889)
- Fix bug where contacts search would fail if contactlist_fields contained vcard fields (#9850)
- Fix bug where an mbox export file could include inconsistent message delimiters (#9879)
- Fix parsing of inline styles that aren't well-formatted (#9948)
- Fix Cross-Site-Scripting vulnerability via SVG's animate tag
- Fix Information Disclosure vulnerability in the HTML style sanitizer

Change Log

* Mon Dec 15 2025 Remi Collet - 1.6.12-1 - update to 1.6.12

References


[ 1 ] Bug #2423518 - CVE-2025-68461 roundcubemail: Roundcube Webmail: Cross-Site Scripting (XSS) vulnerability via crafted SVG animate tag [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423518

[ 2 ] Bug #2423530 - CVE-2025-68460 roundcubemail: Roundcube Webmail: Information Disclosure via HTML Style Sanitizer [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423530

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-fec36f9eaf' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
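
To confirm the update actually landed on a host, the following added check (not part of the advisory or of Fedora's tooling) compares the installed roundcubemail build against the fixed 1.6.12-1.fc42 listed on this page. The function names evr_ge, classify and installed_evr are hypothetical, and the comparison uses GNU sort -V as an approximation of RPM's own version ordering.

```shell
#!/bin/sh
# Added example: confirm a Fedora 42 host carries the fixed roundcubemail build.
FIXED_EVR="1.6.12-1.fc42"   # Version-Release taken from this advisory

# Return 0 when version-release $1 is >= $2.
# Assumption: GNU sort -V is close enough to RPM's comparison for
# plain numeric versions such as these.
evr_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Classify an installed version-release string against the advisory.
classify() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif evr_ge "$1" "$FIXED_EVR"; then
        echo "fixed"
    else
        echo "needs-update"
    fi
}

# Print the installed version-release, or nothing if the package is absent.
installed_evr() {
    if rpm -q roundcubemail >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' roundcubemail | head -n 1
    fi
}

# Run with --check to query the local RPM database.
# Exits non-zero when the host still needs the update.
if [ "${1:-}" = "--check" ]; then
    state=$(classify "$(installed_evr)")
    echo "roundcubemail: $state"
    [ "$state" != "needs-update" ]
fi
```

Saved under any file name and run with --check, the script's exit status can feed a fleet-wide compliance job.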

Severity
important

Name: roundcubemail
Product: Fedora 42
Version: 1.6.12
Release: 1.fc42
Summary: Round Cube Webmail is a browser-based multilingual IMAP client
