Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in Roundcube Webmail.
Software Description:
- roundcube: skinnable AJAX based webmail solution for IMAP servers - metapack
Details:
It was discovered that Roundcube Webmail did not properly sanitize
certain HTML elements within the e-mail body. An attacker could possibly
use this issue to cause a cross-site scripting attack. This issue was only
addressed in Ubuntu 16.04 LTS. (CVE-2016-4068, CVE-2016-4069)
It was discovered that Roundcube Webmail did not properly handle certain
configuration parameters. An attacker could possibly use this issue to
execute arbitrary code. This issue was only addressed in Ubuntu 16.04 LTS.
(CVE-2016-9920)
It was discovered that Roundcube Webmail did not properly sanitize CSS styles
within SVG documents. An attacker could possibly use this issue to cause
a cross-site scripting attack. This issue was only addressed in Ubuntu 16.04 LTS.
(CVE-2017-6820)
It was discovered that Roundcube Webmail did not prope...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
roundcube-core 1.3.6+dfsg.1-1ubuntu0.1~esm7
Available with Ubuntu Pro
roundcube-plugins 1.3.6+dfsg.1-1ubuntu0.1~esm7
Available with Ubuntu Pro
Ubuntu 16.04 LTS
roundcube-core 1.2~beta+dfsg.1-0ubuntu1+esm7
Available with Ubuntu Pro
roundcube-plugins 1.2~beta+dfsg.1-0ubuntu1+esm7
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-8132-1
CVE-2016-4068, CVE-2016-4069, CVE-2016-9920, CVE-2017-6820,
CVE-2017-8114, CVE-2018-1000071, CVE-2018-19205, CVE-2018-19206,
CVE-2018-9846, CVE-2019-10740
Get the latest Linux and open source security news straight to your inbox.