openSUSE-SU-2017:1263-1

Published: 15 May 2017
Source: suse-cvrf

Description

Security update for roundcubemail

This update for roundcubemail fixes one security issue and two bugs.

The following vulnerability was fixed:

  • CVE-2017-8114: Authenticated users may have reset arbitrary passwords (boo#1036955)

The following upstream bugs were fixed:

  • Fix regression in LDAP fuzzy search where it always used prefix search instead
  • Fix bug where base_dn setting was ignored inside group_filters

Package list

openSUSE Leap 42.1
roundcubemail-1.1.9-17.6.1
openSUSE Leap 42.2
roundcubemail-1.1.9-17.6.1

Description

Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.


Affected products
openSUSE Leap 42.1:roundcubemail-1.1.9-17.6.1
openSUSE Leap 42.2:roundcubemail-1.1.9-17.6.1
