Mageia alert MGASA-2013-0325 (roundcubemail)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0325: Updated roundcubemail package fixes security vulnerability
Date:  Mon, 18 Nov 2013 15:36:03 +0100
Message-ID:  <20131118143603.54F3F48BF9@valstar.mageia.org>

MGASA-2013-0325 - Updated roundcubemail package fixes security vulnerability

Publication date: 18 Nov 2013
URL: http://advisories.mageia.org/MGASA-2013-0325.html
Type: security
Affected Mageia releases: 2, 3
CVE: CVE-2013-6172

Description:
It was discovered that roundcube does not properly sanitize the _session
parameter in steps/utils/save_pref.inc during saving preferences. The
vulnerability can be exploited to overwrite configuration settings,
subsequently allowing random file access, manipulated SQL queries and
even code execution (CVE-2013-6172).

References:
- https://bugs.mageia.org/show_bug.cgi?id=11552
- http://roundcube.net/news/2013/10/21/security-updates-095...
- http://www.debian.org/security/2013/dsa-2787
- http://www.mandriva.com/en/support/security/advisories/ad...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6172

SRPMS:
- 3/core/roundcubemail-0.9.5-1.mga3
- 2/core/roundcubemail-0.7.4-1.3.mga2

