Explore top 10 tips to secure your open-source projects now. Read More
×
This update for roundcubemail fixes the following issues:
roundcubemail was upgraded to 1.3.15
This is a security update to the LTS version 1.3. (boo#1175135)
* Security: Fix cross-site scripting (XSS) via HTML messages with
malicious svg content [CVE-2020-16145]
* Security: Fix cross-site scripting (XSS) via HTML messages with
malicious math content
From 1.3.14 (boo#1173792 -> CVE-2020-15562)
* Security: Fix cross-site scripting (XSS) via HTML messages with
malicious svg/namespace
From 1.3.13
* Installer: Fix regression in SMTP test section (#7417)
From 1.3.12
* Security: Better fix for CVE-2020-12641 (boo#1171148)
* Security: Fix XSS issue in template object 'username' (#7406)
* Security: Fix couple of XSS issues in Installer (#7406)
* Security: Fix cross-site scripting (XSS) via malicious XML attachment
From 1.3.11 (boo#1171148 -> CVE-2020-12641 boo#1171040 -> CVE-2020-12625
boo#1171149...
Read the Full AdvisoryPatch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1516=1
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1516=1
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2020-1516=1
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-1516=1
- openSUSE Leap 15.2 (noarch):
roundcubemail-1.3.15-lp152.4.3.1
- openSUSE Leap 15.1 (noarch):
roundcubemail-1.3.15-lp151.3.3.1
- openSUSE Backports SLE-15-SP2 (noarch):
roundcubemail-1.3.15-bp152.4.3.1
- openSUSE Backports SLE-15-SP1 (noarch):
roundcubemail-1.3.15-bp151.4.3.1
https://www.suse.com/security/cve/CVE-2019-10740.html
https://www.suse.com/security/cve/CVE-2020-12625.html
https://www.suse.com/security/cve/CVE-2020-12640.html
https://www.suse.com/security/cve/CVE-2020-12641.html
https://www.suse.com/security/cve/CVE-2020-15562.html
https://www.suse.com/security/cve/CVE-2020-16145.html
https://bugzilla.suse.com/1115718
https://bugzilla.suse.com/1115719
https://bugzilla.suse.com/1146286
https://bugzilla.suse.com/1171040
https://bugzilla.suse.com/1171148
https://bugzilla.suse.com/1171149
https://bugzilla.suse.com/1173792
https://bugzilla.suse.com/1175135
--
Get the latest Linux and open source security news straight to your inbox.