--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8ba1a085a9
2026-04-09 03:21:08.450860+00:00
--------------------------------------------------------------------------------

Name        : roundcubemail
Product     : Fedora 43
Version     : 1.6.15
Release     : 1.fc43
URL         : https://roundcube.net/
Summary     : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client with an
application-like user interface. It provides full functionality you expect
from an e-mail client, including MIME support, address book, folder
manipulation, message searching and spell checking. RoundCube Webmail is
written in PHP and requires a database: MySQL, PostgreSQL and SQLite are
known to work. The user interface is fully skinnable using XHTML and CSS 2.
--------------------------------------------------------------------------------
Update Information:

Version 1.6.15

This is a security update to the stable version 1.6 of Roundcube Webmail. It
provides fixes to some regressions introduced in the previous release as well
as a recently reported security vulnerability: SVG Animate FUNCIRI Attribute
Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.

This version is considered stable and we recommend to update all productive
installations of Roundcube 1.6.x with it. Please do backup your data before
updating!

CHANGELOG

- Fix regression where mail search would fail on non-ascii search criteria (#10121)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 30 2026 Remi Collet - 1.6.15-1
- update to 1.6.15
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2454784 - CVE-2026-35543 roundcubemail: Roundcube Webmail: Information disclosure and access-control bypass via animated SVG in email [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2454784
  [ 2 ] Bug #2454786 - CVE-2026-35545 roundcubemail: Roundcube Webmail: Information disclosure and access-control bypass via SVG content in email [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2454786
  [ 3 ] Bug #2454793 - CVE-2026-35538 CVE-2026-35539 CVE-2026-35540 CVE-2026-35541 CVE-2026-35542 CVE-2026-35544 roundcubemail: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2454793
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8ba1a085a9' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Severity: Important
LinuxSecurity.com Team
==========================================================================
Ubuntu Security Notice USN-7636-1
July 14, 2025

roundcube vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Roundcube Webmail could be made to expose sensitive information over the
network.

Software Description:
- roundcube: skinnable AJAX based webmail solution for IMAP servers

Details:

It was discovered that Roundcube Webmail incorrectly handled sanitization in
the message_body function. A remote attacker could possibly use this issue to
send and receive emails as another user.

Update instructions:

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 24.04 LTS
  roundcube                       1.6.6+dfsg-2ubuntu0.1+esm1
                                  Available with Ubuntu Pro
  roundcube-core                  1.6.6+dfsg-2ubuntu0.1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7636-1
  CVE-2024-42009

Severity: Important
LinuxSecurity.com Team
==========================================================================
Ubuntu Security Notice USN-7584-1
June 19, 2025

roundcube vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Roundcube Webmail could allow remote code execution.

Software Description:
- roundcube: skinnable AJAX based webmail solution for IMAP servers

Details:

It was discovered that Roundcube Webmail did not properly sanitize the _from
parameter in a URL, leading to PHP Object Deserialization. A remote attacker
could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 25.04
  roundcube                       1.6.10+dfsg-1ubuntu0.1
  roundcube-core                  1.6.10+dfsg-1ubuntu0.1

Ubuntu 24.10
  roundcube                       1.6.8+dfsg-2ubuntu0.1
  roundcube-core                  1.6.8+dfsg-2ubuntu0.1

Ubuntu 24.04 LTS
  roundcube                       1.6.6+dfsg-2ubuntu0.1
  roundcube-core                  1.6.6+dfsg-2ubuntu0.1

Ubuntu 22.04 LTS
  roundcube                       1.5.0+dfsg.1-2ubuntu0.1~esm4
                                  Available with Ubuntu Pro
  roundcube-core                  1.5.0+dfsg.1-2ubuntu0.1~esm4
                                  Available with Ubuntu Pro
  roundcube-plugins               1.5.0+dfsg.1-2ubuntu0.1~esm4
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  roundcube                       1.4.3+dfsg.1-1ubuntu0.1~esm5
                                  Available with Ubuntu Pro
  roundcube-core                  1.4.3+dfsg.1-1ubuntu0.1~esm5
                                  Available with Ubuntu Pro
  roundcube-plugins               1.4.3+dfsg.1-1ubuntu0.1~esm5
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  roundcube                       1.3.6+dfsg.1-1ubuntu0.1~esm5
                                  Available with Ubuntu Pro
  roundcube-core                  1.3.6+dfsg.1-1ubuntu0.1~esm5
                                  Available with Ubuntu Pro
  roundcube-plugins               1.3.6+dfsg.1-1ubuntu0.1~esm5
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  roundcube                       1.2~beta+dfsg.1-0ubuntu1+esm6
                                  Available with Ubuntu Pro
  roundcube-core                  1.2~beta+dfsg.1-0ubuntu1+esm6
                                  Available with Ubuntu Pro
  roundcube-plugins               1.2~beta+dfsg.1-0ubuntu1+esm6
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7584-1
  CVE-2025-49113

Package Information:
  https://launchpad.net/ubuntu/+source/roundcube/1.6.10+dfsg-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/roundcube/1.6.8+dfsg-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/roundcube/1.6.6+dfsg-2ubuntu0.1

Severity: Critical
LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a5f56fe8ff
2025-06-11 03:51:24.306039+00:00
--------------------------------------------------------------------------------

Name        : roundcubemail
Product     : Fedora 41
Version     : 1.6.11
Release     : 1.fc41
URL         : https://roundcube.net/
Summary     : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client with an
application-like user interface. It provides full functionality you expect
from an e-mail client, including MIME support, address book, folder
manipulation, message searching and spell checking. RoundCube Webmail is
written in PHP and requires a database: MySQL, PostgreSQL and SQLite are
known to work. The user interface is fully skinnable using XHTML and CSS 2.
--------------------------------------------------------------------------------
Update Information:

This is a security update to the stable version 1.6 of Roundcube Webmail. It
provides fixes to recently reported security vulnerabilities: Fix Post-Auth
RCE via PHP Object Deserialization reported by firs0v.

This version is considered stable and we recommend to update all productive
installations of Roundcube 1.6.x with it. Please do backup your data before
updating!

CHANGELOG

- Managesieve: Fix match-type selector (remove unsupported options) in delete header action (#9610)
- Improve installer to fix confusion about disabling SMTP authentication (#9801)
- Fix PHP warning in index.php (#9813)
- OAuth: Fix/improve token refresh
- Fix dark mode bug where wrong colors were used for blockquotes in HTML mail preview (#9820)
- Fix HTML message preview if it contains floating tables (#9804)
- Fix removing/expiring redis/memcache records when using a key prefix
- Fix bug where a wrong SPECIAL-USE folder could have been detected, if there were more than one per-type (#9781)
- Fix a default value and documentation of password_ldap_encodage option (#9658)
- Remove mobile/floating Create button from the list in Settings > Folders (#9661)
- Fix Delete and Empty buttons state while creating a folder (#9047)
- Fix connecting to LDAP using ldapi:// URI (#8990)
- Fix cursor position on "below the quote" reply in HTML mode (#8700)
- Fix bug where attachments with content type of application/vnd.ms-tnef were not parsed (#7119)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 2 2025 Remi Collet - 1.6.11-1
- update to 1.6.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2369708 - CVE-2025-49113 roundcubemail: From CVEorg collector [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2369708
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a5f56fe8ff' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4211-1
-------------------------------------------------------------------------

Kirill Firsov discovered that Roundcube, a skinnable AJAX based webmail
solution for IMAP servers, was performing PHP Object deserialization on
unvalidated input, which could lead to remote code execution by an
authenticated attacker.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b60eb661a4
2024-08-15 14:22:26.297565
--------------------------------------------------------------------------------

Name        : roundcubemail
Product     : Fedora 39
Version     : 1.6.8
Release     : 1.fc39
URL         : https://roundcube.net/
Summary     : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client with an
application-like user interface. It provides full functionality you expect
from an e-mail client, including MIME support, address book, folder
manipulation, message searching and spell checking. RoundCube Webmail is
written in PHP and requires a database: MySQL, PostgreSQL and SQLite are
known to work. The user interface is fully skinnable using XHTML and CSS 2.
--------------------------------------------------------------------------------
Update Information:

Version 1.6.8

- Managesieve: Protect special scripts in managesieve_kolab_master mode
- Fix newmail_notifier notification focus in Chrome (#9467)
- Fix fatal error when parsing some TNEF attachments (#9462)
- Fix double scrollbar when composing a mail with many plain text lines (#7760)
- Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
- Fix bug where some messages could get malformed in an import from a MBOX file (#9510)
- Fix invalid line break characters in multi-line text in Sieve scripts (#9543)
- Fix bug where "with attachment" filter could fail on some fts engines (#9514)
- Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
- Fix bug where a long subject title could not be displayed in some cases (#9416)
- Fix infinite loop when parsing malformed Sieve script (#9562)
- Fix bug where imap_conn_option's 'socket' was ignored (#9566)
- Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009
- Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008
- Fix information leak (access to remote content) via insufficient CSS filtering CVE-2024-42010
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 5 2024 Remi Collet - 1.6.8-1
- update to 1.6.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2303070 - CVE-2024-42008 roundcubemail: A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303070
  [ 2 ] Bug #2303075 - CVE-2024-42009 roundcubemail: A Cross-Site Scripting vulnerability in Roundcube [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303075
  [ 3 ] Bug #2303095 - CVE-2024-42010 roundcubemail: information leak due to insufficient CSS filtering [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303095
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b60eb661a4' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
-------------------------------------------------------------------------
Debian Security Advisory DSA-5743-2
-------------------------------------------------------------------------

Multiple cross-site scripting vulnerabilities were discovered in RoundCube
webmail.

For the oldstable distribution (bullseye), these problems have been fixed in
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3835-1
-------------------------------------------------------------------------

Cross-site scripting (XSS) vulnerabilities were discovered in Roundcube, a
skinnable AJAX based webmail solution for IMAP servers, which could allow a
remote attacker to load arbitrary JavaScript code and might lead to privilege
escalation or information disclosure.