Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

openSUSE 2022:10148-1 Important: RoundcubeMail XSS Fix and Updates

opensuse
Calendar Grey October 16, 2022
Dist Opensuse Esm H88
The latest roundcubemail update addresses multiple security vulnerabilities discovered, improving both application reliability and efficiency.
An update that fixes four vulnerabilities is now available

Description

This update for roundcubemail fixes the following issues:

roundcubemail was updated to 1.5.3

* Enigma: Fix initial synchronization of private keys

* Enigma: Fix double quoted-printable encoding of pgp-signed messages with

no attachments (#8413)

* Fix various PHP8 warnings (#8392)

* Fix mail headers injection via the subject field on mail compose (#8404)

* Fix bug where small message/rfc822 parts could not be decoded (#8408)

* Fix setting HTML mode on reply/forward of a signed message (#8405)

* Fix handling of RFC2231-encoded attachment names inside of a

message/rfc822 part (#8418)

* Fix bug where some mail parts (images) could have not be listed as

attachments (#8425)

* Fix bug where attachment icons were stuck at the top of the messages

list in Safari (#8433)

* Fix handling of message/rfc822 parts that are small and are multipart

structures with a single part (#8458)

* Fix bug where session could time out if DB and...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory important update openSUSE XSS fix PHP compatibility data injection RoundcubeMail

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

zypper in -t patch openSUSE-2022-10148=1

- openSUSE Backports SLE-15-SP3:

zypper in -t patch openSUSE-2022-10148=1

Package List

- openSUSE Backports SLE-15-SP4 (noarch):

roundcubemail-1.5.3-bp154.2.3.1

- openSUSE Backports SLE-15-SP3 (noarch):

roundcubemail-1.5.3-bp153.2.3.1

References

https://www.suse.com/security/cve/CVE-2019-10740.html

https://www.suse.com/security/cve/CVE-2020-12641.html

https://www.suse.com/security/cve/CVE-2020-16145.html

https://www.suse.com/security/cve/CVE-2020-35730.html

https://bugzilla.suse.com/1180132

https://bugzilla.suse.com/1180399

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2022:10148-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP3 openSUSE Backports SLE-15-SP4 .

Topics%20covered

Topics Covered

security advisory important update openSUSE XSS fix PHP compatibility data injection RoundcubeMail

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here