Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
202
security advisoryimportantOpenSUSEopenSUSE Roundcube Major Remote Asset Display Weakness 2026-0141-2
An update that solves one vulnerability and has one errata is now available.. openSUSE Security Update: Security update for roundcubemail ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0141-1 Rating: important References: #1261157 #1261488 Cross-References: CVE-2026-35537 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for roundcubemail fixes the following issues: - update to 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability: SVG Animate FUNCIRI Attribute Bypass \u2014 Remote Image Loading via fill/filter/stroke, reported by class_nzm. This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating! + Fix regression where mail search would fail on non-ascii search criteria (#10121) + Fix regression where some data url images could get ignored/lost (#10128) + Fix SVG Animate FUNCIRI Attribute Bypass \u2014 Remote Image Loading via fill/filter/stroke (boo#1261157) - update to 1.6.14 This is a security update to the stable version 1.6 of Roundcube Webmail. + Fix Postgres connection using IPv6 address (#10104) + Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler (boo#1261488, CVE-2026-35537) + Security: Fix bug where a password could get changed without providing the old password + Security: Fix IMAP Injection + CSRF bypass in mail search + Security: Fix remote image blocking bypass viavarious SVG animate attributes + Security: Fix remote image blocking bypass via a crafted body background attribute + Security: Fix fixed position mitigation bypass via use of !important + Security: Fix XSS issue in a HTML attachment preview + Security: Fix SSRF + Information Disclosure via stylesheet links to a local network hosts Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-141=1 Package List: - openSUSE Backports SLE-15-SP7 (noarch): roundcubemail-1.6.15-bp157.2.9.1 References: https://www.suse.com/security/cve/CVE-2026-35537.html https://bugzilla.suse.com/1261157 https://bugzilla.suse.com/1261488 . Update for openSUSE fixes important issues in Roundcube including security bypasses and errata updates.. openSUSE roundcube security patch vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Apr 20, 2026
•Important
OpenSUSE
89
security advisoryfedoraimportantFedora 42 Roundcube 1.6.15 Important SVG Bypass Security 2026-051825ca18
Version 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability: SVG Animate FUNCIRI Attribute Bypass \u2014 Remote Image Loading via. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-051825ca18 2026-04-09 03:36:41.952460+00:00 -------------------------------------------------------------------------------- Name : roundcubemail Product : Fedora 42 Version : 1.6.15 Release : 1.fc42 URL : https://roundcube.net/ Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. -------------------------------------------------------------------------------- Update Information: Version 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability: SVG Animate FUNCIRI Attribute Bypass \u2014 Remote Image Loading via fill/filter/stroke, reported by class_nzm. This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating! CHANGELOG Fix regression where mail search would fail on non-ascii search criteria (#10121) Fix regression where some data url images could get ignored/lost (#10128) Fix SVG Animate FUNCIRI Attribute Bypass \u2014 Remote Image Loadingvia fill/filter/stroke -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 30 2026 Remi Collet - 1.6.15-1 - update to 1.6.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2454784 - CVE-2026-35543 roundcubemail: Roundcube Webmail: Information disclosure and access-control bypass via animated SVG in email [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454784 [ 2 ] Bug #2454786 - CVE-2026-35545 roundcubemail: Roundcube Webmail: Information disclosure and access-control bypass via SVG content in email. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454786 [ 3 ] Bug #2454793 - CVE-2026-35538 CVE-2026-35539 CVE-2026-35540 CVE-2026-35541 CVE-2026-35542 CVE-2026-35544 roundcubemail: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454793 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-051825ca18' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Roundcube Webmail update fixes SVG bypass issues and ensures security in Fedora 42. Stay secure with the latest updates!. Roundcube Webmail update, SVG security fix, remote access control, Fedora security patch. . Severity: Important. LinuxSecurity.com Team
Apr 09, 2026
•Important
Fedora
89
security advisoryfedoraremote accessFedora 43 Roundcube Webmail Update 1.6.15 Advisory on SVG Bypass
Version 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability: SVG Animate FUNCIRI Attribute Bypass \u2014 Remote Image Loading via. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-8ba1a085a9 2026-04-09 03:21:08.450860+00:00 -------------------------------------------------------------------------------- Name : roundcubemail Product : Fedora 43 Version : 1.6.15 Release : 1.fc43 URL : https://roundcube.net/ Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. -------------------------------------------------------------------------------- Update Information: Version 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability: SVG Animate FUNCIRI Attribute Bypass \u2014 Remote Image Loading via fill/filter/stroke, reported by class_nzm. This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating! CHANGELOG Fix regression where mail search would fail on non-ascii search criteria (#10121) Fix regression where some data url images could get ignored/lost (#10128) Fix SVG Animate FUNCIRI Attribute Bypass \u2014 Remote Image Loadingvia fill/filter/stroke -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 30 2026 Remi Collet - 1.6.15-1 - update to 1.6.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2454784 - CVE-2026-35543 roundcubemail: Roundcube Webmail: Information disclosure and access-control bypass via animated SVG in email [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454784 [ 2 ] Bug #2454786 - CVE-2026-35545 roundcubemail: Roundcube Webmail: Information disclosure and access-control bypass via SVG content in email. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454786 [ 3 ] Bug #2454793 - CVE-2026-35538 CVE-2026-35539 CVE-2026-35540 CVE-2026-35541 CVE-2026-35542 CVE-2026-35544 roundcubemail: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454793 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-8ba1a085a9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Stay secure by updating to Roundcube Webmail 1.6.15 with fixes for SVG vulnerabilities. Protect your email data now.. Roundcube Webmail, security update, Fedora 43, remote image loading, information disclosure. . Severity: Important. LinuxSecurity.com Team
Apr 09, 2026
•Important
Fedora
203
security advisorycriticalroundcubemailMageia 9 Roundcube Critical SVG Bypass Fix MGASA-2026-0089
MGASA-2026-0089 - Updated roundcubemail packages fix security vulnerability. MGASA-2026-0089 - Updated roundcubemail packages fix security vulnerability Publication date: 07 Apr 2026 URL: https://advisories.mageia.org/MGASA-2026-0089.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-35545 Description: SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke And some regressions from the last fix are fixed. References: - https://bugs.mageia.org/show_bug.cgi?id=35302 - https://github.com/roundcube/roundcubemail/releases/tag/1.6.15 - https://www.cve.org/CVERecord?id=CVE-2026-35545 SRPMS: - 9/core/roundcubemail-1.6.15-1.mga9 . Updated Roundcube packages address a critical SVG bypass vulnerability in Mageia 9. Apply fixes promptly to protect your systems.. Roundcube, Mageia, SVG Bypass, Security Advisory, Remote Loading. . Severity: Critical. LinuxSecurity.com Team
Apr 07, 2026
•Critical
Mageia
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!