openSUSE-SU-2023:0345-1

Опубликовано: 02 нояб. 2023

Источник: suse-cvrf

Описание

Security update for roundcubemail

This update for roundcubemail fixes the following issues:

Update to version 1.6.4 (boo#1216429):

CVE-2023-5631: Fix cross-site scripting vulnerability in handling of SVG in HTML messages
Fix PHP8 warnings
Fix default 'mime.types' path on Windows
Managesieve: Fix javascript error when relational or spamtest extension is not enabled

Список пакетов

SUSE Package Hub 15 SP5

roundcubemail-1.6.4-bp155.2.6.1

openSUSE Leap 15.5

roundcubemail-1.6.4-bp155.2.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GGRBYUWS4WS3V7Z75JPLZ6VMUDQER3SA/
E-Mail link for openSUSE-SU-2023:0345-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1216429
SUSE Bug 1216429
https://www.suse.com/security/cve/CVE-2023-5631/
SUSE CVE CVE-2023-5631 page

Описание

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.

Затронутые продукты

SUSE Package Hub 15 SP5:roundcubemail-1.6.4-bp155.2.6.1

openSUSE Leap 15.5:roundcubemail-1.6.4-bp155.2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-5631.html
CVE-2023-5631
https://bugzilla.suse.com/1216405
SUSE Bug 1216405

openSUSE-SU-2023:0345-1

Описание

Список пакетов

SUSE Package Hub 15 SP5

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-5631

Описание

Затронутые продукты

Ссылки