openSUSE: 2021:0959-1 important: roundcubemail
Description
This update for roundcubemail fixes the following issues: Upgrade to version 1.3.16 This is a security update to the LTS version 1.3. It fixes a recently reported stored cross-site scripting (XSS) vulnerability via HTML or plain text messages with malicious content.
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2021-959=1
Package List
- openSUSE Backports SLE-15-SP2 (noarch): roundcubemail-1.3.16-bp152.4.10.1
References
- CVE-2020-18670: Cross Site Scripting (XSS) vulneraibility via database host and user in /installer/test.php (boo#1187707) - CVE-2020-18671: Cross Site Scripting (XSS) vulnerability via smtp config in /installer/test.php (boo#1187706) - CVE-2020-35730: cross-site scripting (XSS) vulnerability via HTML or plain text messages with malicious content (boo#1180399) This update was imported from the openSUSE:Leap:15.2:Update update project.References: https://www.suse.com/security/cve/CVE-2020-18670.html https://www.suse.com/security/cve/CVE-2020-18671.html https://www.suse.com/security/cve/CVE-2020-35730.html https://bugzilla.suse.com/1180399 https://bugzilla.suse.com/1187706 https://bugzilla.suse.com/1187707