MGASA-2024-0193 - Updated roundcubemail packages fix security vulnerabilities

Publication date: 25 May 2024
URL: https://advisories.mageia.org/MGASA-2024-0193.html
Type: security
Affected Mageia releases: 9

This is a security update to the stable version 1.6 of Roundcube
Webmail.
Fix cross-site scripting (XSS) vulnerability in handling SVG animate
attributes.
Reported by Valentin T. and Lutz Wolf of CrowdStrike.
Fix cross-site scripting (XSS) vulnerability in handling list columns
from user preferences.
Reported by Huy Nguyễn Phạm Nhật.
Fix command injection via crafted im_convert_path/im_identify_path on
Windows.
Reported by Huy Nguyễn Phạm Nhật.
This version is considered stable and we recommend to update all
productive installations of Roundcube 1.6.x with it. Please do backup
your data before updating!

References:
- https://bugs.mageia.org/show_bug.cgi?id=33229
- https://github.com/roundcube/roundcubemail/releases/tag/1.6.7

SRPMS:
- 9/core/roundcubemail-1.6.7-1.mga9

Mageia 2024-0193: roundcubemail Security Advisory Updates

This is a security update to the stable version 1.6 of Roundcube Webmail

Summary

This is a security update to the stable version 1.6 of Roundcube Webmail. Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike.

References

- https://bugs.mageia.org/show_bug.cgi?id=33229

- https://github.com/roundcube/roundcubemail/releases/tag/1.6.7

Resolution

MGASA-2024-0193 - Updated roundcubemail packages fix security vulnerabilities

SRPMS

- 9/core/roundcubemail-1.6.7-1.mga9

Severity
Publication date: 25 May 2024
URL: https://advisories.mageia.org/MGASA-2024-0193.html
Type: security

Related News