User: Password:
Subscribe / Log in / New account

Mageia alert MGASA-2013-0325 (roundcubemail)

From:  Mageia Updates <>
Subject:  [updates-announce] MGASA-2013-0325: Updated roundcubemail package fixes security vulnerability
Date:  Mon, 18 Nov 2013 15:36:03 +0100
Message-ID:  <>
Archive-link:  Article, Thread

MGASA-2013-0325 - Updated roundcubemail package fixes security vulnerability Publication date: 18 Nov 2013 URL: Type: security Affected Mageia releases: 2, 3 CVE: CVE-2013-6172 Description: It was discovered that roundcube does not properly sanitize the _session parameter in steps/utils/ during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution (CVE-2013-6172). References: - - - - - SRPMS: - 3/core/roundcubemail-0.9.5-1.mga3 - 2/core/roundcubemail-0.7.4-1.3.mga2

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds