Stay Secure with the Latest Linux Advisories

security advisoryfedorasoftware update

Fedora 29 Roundcube: 1.3.8 Security Advisory for XSS Issue

**Version 1.3.8** This is a service release to update the stable version 1.3 of Roundcube Webmail. It contains fixes to several bugs backported from the master branch including a security fix for a reported XSS vulnerability plus updates to ensure compatibility with PHP 7.3 and recent versions of Courier-IMAP, Dovecot and MySQL 8. See the complete changelog below. **Changelog** - Fix PHP. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-24d1e5a2c3 2018-11-09 06:00:35.355700 --------------------------------------------------------------------------------Name : roundcubemail Product : Fedora 29 Version : 1.3.8 Release : 1.fc29 URL : https://roundcube.net/ Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. --------------------------------------------------------------------------------Update Information: **Version 1.3.8** This is a service release to update the stable version 1.3 of Roundcube Webmail. It contains fixes to several bugs backported from the master branch including a security fix for a reported XSS vulnerability plus updates to ensure compatibility with PHP 7.3 and recent versions of Courier-IMAP, Dovecot and MySQL 8. See the complete changelog below. **Changelog** - Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) - Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383) - Enigma: Fix deleting keys with authentication subkeys (#6381) -Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398) - Fix so Classic skin splitter does not escape out of window (#6397) - Fix XSS issue in handling invalid style tag content (#6410) - Fix compatibility with MySQL 8 -error on 'system' table use - Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422) - New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419) - Fix support for "allow-from " in "x_frame_options" config option (#6449) - Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) - Fix multiple VCard field search (#6466) - Fix session issue on long running requests (#6470) --------------------------------------------------------------------------------ChangeLog: * Fri Oct 26 2018 Remi Collet - 1.3.8-1 - update to 1.3.8 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-24d1e5a2c3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . This release for Roundcube addresses several issues, notably a significant XSS security vulnerability, and enhancescompatibility with both PHP and MySQL.. Roundcube Webmail Update, PHP Compatibility Fix, Fedora Update Notification. . Severity: Important. LinuxSecurity.com Team

Nov 09, 2018 •Important Fedora