Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 43: Roundcube Webmail Low XSS & Info Disclosure 2025-58eb59741f

fedora
Calendar Grey December 25, 2025
Dist Fedora Esm H88
Roundcube Webmail 1.6.12 update in Fedora 43 addresses Cross-Site Scripting and Information Disclosure vulnerabilities.
Release 1.6.12 Support IPv6 in database DSN (#9937) Don't force specific error_reporting setting Fix compatibility with PHP 8.5 regarding array_first() Remove X-XSS-Protection exam...

Summary

RoundCube Webmail is a browser-based multilingual IMAP client

with an application-like user interface. It provides full

functionality you expect from an e-mail client, including MIME

support, address book, folder manipulation, message searching

and spell checking. RoundCube Webmail is written in PHP and

requires a database: MySQL, PostgreSQL and SQLite are known to

work. The user interface is fully skinnable using XHTML and

CSS 2.

Update Information:

Release 1.6.12 Support IPv6 in database DSN (#9937) Don't force specific error_reporting setting Fix compatibility with PHP 8.5 regarding array_first() Remove X-XSS-Protection example from .htaccess file (#9875) Fix "Assign to group" action state after creation of a first group (#9889) Fix bug where contacts search would fail if contactlist_fields contained vcard fields (#9850) Fix bug where an mbox export file could include inconsistent message delimiters (#9879) Fix parsing of inline styles that aren't well-formatted (#9948) Fix Cross-Site-Scripting vulnerability via SVG's animate tag Fix Information Disclosure vulnerability in the HTML style sanitizer

Topics%20covered

Topics Covered

security advisory fedora cross site scripting information disclosure low roundcubemail

Change Log

* Mon Dec 15 2025 Remi Collet - 1.6.12-1 - update to 1.6.12

References


[ 1 ] Bug #2423517 - CVE-2025-68461 roundcubemail: Roundcube Webmail: Cross-Site Scripting (XSS) vulnerability via crafted SVG animate tag [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2423517 [ 2 ] Bug #2423531 - CVE-2025-68460 roundcubemail: Roundcube Webmail: Information Disclosure via HTML Style Sanitizer [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2423531

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-58eb59741f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
low
Lowest
Low
Medium
High
Critical

Name: roundcubemail
Product: Fedora 43
Version: 1.6.12
Release: 1.fc43
URL: https://roundcube.net/
Summary: Round Cube Webmail is a browser-based multilingual IMAP client

Topics%20covered

Topics Covered

security advisory fedora cross site scripting information disclosure low roundcubemail

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here