Description
Security update for roundcubemail
roundcubemail was updated to version 1.1.7 and fixes the following issues:
- Update to 1.1.7
  - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command (boo#1012493)
  - A maliciously crafted email could cause untrusted code to be executed (cross site scripting using <area href=javascript:...>) (boo#982003, CVE-2016-5103)
  - Avoid HTML styles that could cause potential click jacking (boo#1001856)
- Update to 1.1.5
  - Fixed security issue in DBMail driver of password plugin (CVE-2015-2181, boo#976988)
Package list
openSUSE Leap 42.1
roundcubemail-1.1.7-15.1
openSUSE Leap 42.2
roundcubemail-1.1.7-15.1
References
- E-Mail link for openSUSE-SU-2016:3038-1
- SUSE Security Ratings
Description
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.
Affected products
openSUSE Leap 42.1:roundcubemail-1.1.7-15.1
openSUSE Leap 42.2:roundcubemail-1.1.7-15.1
References
- CVE-2015-2181
- SUSE Bug 976988
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4552. Reason: This candidate is a reservation duplicate of CVE-2016-4552. Notes: All CVE users should reference CVE-2016-4552 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Affected products
openSUSE Leap 42.1:roundcubemail-1.1.7-15.1
openSUSE Leap 42.2:roundcubemail-1.1.7-15.1
References
- CVE-2016-5103
- SUSE Bug 1016744
- SUSE Bug 982003
- SUSE Bug 982703