
Security Vulnerabilities in Roundcube Webmail for Ubuntu 18.04 USN-8132-1

Several security issues were fixed in Roundcube Webmail.
==========================================================================
Ubuntu Security Notice USN-8132-1
March 30, 2026

roundcube vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Roundcube Webmail.

Software Description:
- roundcube: skinnable AJAX based webmail solution for IMAP servers - metapack

Details:

It was discovered that Roundcube Webmail did not properly sanitize 
certain HTML elements within the e-mail body. An attacker could possibly 
use this issue to cause a cross-site scripting attack. This issue was only 
addressed in Ubuntu 16.04 LTS. (CVE-2016-4068, CVE-2016-4069)

It was discovered that Roundcube Webmail did not properly handle certain 
configuration parameters. An attacker could possibly use this issue to 
execute arbitrary code. This issue was only addressed in Ubuntu 16.04 LTS. 
(CVE-2016-9920)

It was discovered that Roundcube Webmail did not properly sanitize CSS styles 
within SVG documents. An attacker could possibly use this issue to cause 
a cross-site scripting attack. This issue was only addressed in Ubuntu 16.04 LTS.
(CVE-2017-6820)

It was discovered that Roundcube Webmail did not properly restrict exec calls in 
certain drivers of the password plugin. An authenticated user could possibly 
use this issue to perform arbitrary password resets. This issue was only addressed in 
Ubuntu 16.04 LTS. (CVE-2017-8114)

It was discovered that Roundcube Webmail did not properly set file permissions within 
the Enigma plugin. An attacker could possibly use this issue to exfiltrate GPG private 
keys via network connectivity. (CVE-2018-1000071)

It was discovered that Roundcube Webmail did not properly handle GnuPG MDC 
integrity-protection warnings. An attacker could possibly use this issue to obtain 
sensitive information from encrypted communications. (CVE-2018-19205)

It was discovered that Roundcube Webmail did not properly sanitize  and 


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  roundcube-core     1.3.6+dfsg.1-1ubuntu0.1~esm7
                     Available with Ubuntu Pro
  roundcube-plugins  1.3.6+dfsg.1-1ubuntu0.1~esm7
                     Available with Ubuntu Pro

Ubuntu 16.04 LTS
  roundcube-core     1.2~beta+dfsg.1-0ubuntu1+esm7
                     Available with Ubuntu Pro
  roundcube-plugins  1.2~beta+dfsg.1-0ubuntu1+esm7
                     Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8132-1

CVE-2016-4068, CVE-2016-4069, CVE-2016-9920, CVE-2017-6820,
CVE-2017-8114, CVE-2018-1000071, CVE-2018-19205, CVE-2018-19206,
CVE-2018-9846, CVE-2019-10740

Severity
important
