An update that solves one vulnerability and has 2 bug fixes can now be installed.

openSUSE security update: security update for roundcubemail
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20586-1
Rating: important
References:
  * bsc#1261157
  * bsc#1261488
Cross-References:
  * CVE-2026-35537
Affected Products:
  openSUSE Leap 16.0
-------------------------------------------------------------

Description:

This update for roundcubemail fixes the following issues:

Changes in roundcubemail:

- update to 1.6.15
  This is a security update to the stable version 1.6 of Roundcube Webmail.
  It provides fixes to some regressions introduced in the previous release
  as well as a recently reported security vulnerability: SVG Animate FUNCIRI
  Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported
  by class_nzm.
  This version is considered stable and we recommend to update all productive
  installations of Roundcube 1.6.x with it. Please do backup your data before
  updating!
  + Fix regression where mail search would fail on non-ascii search criteria (#10121)
  + Fix regression where some data url images could get ignored/lost (#10128)
  + Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via
    fill/filter/stroke (bsc#1261157)

- update to 1.6.14
  This is a security update to the stable version 1.6 of Roundcube Webmail.
  + Fix Postgres connection using IPv6 address (#10104)
  + Security: Fix pre-auth arbitrary file write via unsafe deserialization in
    redis/memcache session handler (bsc#1261488, CVE-2026-35537)
  + Security: Fix bug where a password could get changed without providing the
    old password
  + Security: Fix IMAP Injection + CSRF bypass in mail search
  + Security: Fix remote image blocking bypass via various SVG animate attributes
  + Security: Fix remote image blocking bypass via a crafted body background
    attribute
  + Security: Fix fixed position mitigation bypass via use of !important
  + Security: Fix XSS issue in an HTML attachment preview
  + Security: Fix SSRF + Information Disclosure via stylesheet links to local
    network hosts

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0
  zypper in -t patch openSUSE-Leap-16.0-packagehub-204=1

Package List:

- openSUSE Leap 16.0:
  roundcubemail-1.6.15-bp160.1.1

References:

  * https://www.suse.com/security/cve/CVE-2026-35537.html

A critical openSUSE security update for roundcubemail addresses a remote image bypass issue and includes bug fixes.

Severity: Important. LinuxSecurity.com Team

An update that fixes four vulnerabilities is now available.

openSUSE Security Update: Security update for roundcubemail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2026:0070-1
Rating: important
References: #1255306 #1255308 #1257909 #1258052
Cross-References: CVE-2025-68460 CVE-2025-68461 CVE-2026-25916 CVE-2026-26079
CVSS scores:
  CVE-2026-26079 (SUSE): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Affected Products:
  openSUSE Backports SLE-15-SP7
______________________________________________________________________________

Description:

This update for roundcubemail fixes the following issues:

- update to 1.6.13
  This is a security update to the stable version 1.6 of Roundcube Webmail.
  It provides fixes to recently reported security vulnerabilities:
  + Fix CSS injection vulnerability reported by CERT Polska
    (boo#1258052, CVE-2026-26079).
  + Fix remote image blocking bypass via SVG content reported by nullcathedral
    (boo#1257909, CVE-2026-25916).
  This version is considered stable and we recommend to update all productive
  installations of Roundcube 1.6.x with it. Please do backup your data before
  updating!
  CHANGELOG
  + Managesieve: Fix handling of string-list format values for date tests in
    Out of Office (#10075)
  + Fix CSS injection vulnerability reported by CERT Polska.
  + Fix remote image blocking bypass via SVG content reported by nullcathedral.

- update to 1.6.12
  This is a security update to the stable version 1.6 of Roundcube Webmail.
  It provides fixes to recently reported security vulnerabilities:
  + Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by
    Valentin T., CrowdStrike (boo#1255308, CVE-2025-68461).
  + Fix Information Disclosure vulnerability in the HTML style sanitizer
    reported by somerandomdev (boo#1255306, CVE-2025-68460).
  This version is considered stable and we recommend to update all productive
  installations of Roundcube 1.6.x with it.
  + Support IPv6 in database DSN (#9937)
  + Don't force specific error_reporting setting
  + Fix compatibility with PHP 8.5 regarding array_first()
  + Remove X-XSS-Protection example from .htaccess file (#9875)
  + Fix "Assign to group" action state after creation of a first group (#9889)
  + Fix bug where contacts search would fail if contactlist_fields contained
    vcard fields (#9850)
  + Fix bug where an mbox export file could include inconsistent message
    delimiters (#9879)
  + Fix parsing of inline styles that aren't well-formatted (#9948)
  + Fix Cross-Site-Scripting vulnerability via SVG's animate tag
  + Fix Information Disclosure vulnerability in the HTML style sanitizer

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:
  zypper in -t patch openSUSE-2026-70=1

Package List:

- openSUSE Backports SLE-15-SP7 (noarch):
  roundcubemail-1.6.13-bp157.2.6.1

References:

  https://www.suse.com/security/cve/CVE-2025-68460.html
  https://www.suse.com/security/cve/CVE-2025-68461.html
  https://www.suse.com/security/cve/CVE-2026-25916.html
  https://www.suse.com/security/cve/CVE-2026-26079.html
  https://bugzilla.suse.com/1255306
  https://bugzilla.suse.com/1255308
  https://bugzilla.suse.com/1257909
  https://bugzilla.suse.com/1258052

An important security update for Roundcube on openSUSE fixes critical issues and vulnerabilities. Upgrade now!

Severity: Important. LinuxSecurity.com Team