|
|
Subscribe / Log in / New account

Mageia alert MGASA-2024-0193 (roundcubemail)



From:
              Mageia Updates <buildsystem-daemon@mageia.org>


To:
              updates-announce@ml.mageia.org


Subject:
              [updates-announce] MGASA-2024-0193: Updated roundcubemail packages fix security vulnerabilities


Date:
              Sun, 26 May 2024 01:39:47 +0200


Message-ID:
              <20240525233947.39B75A002B@duvel.mageia.org>


Archive-link:
              Article


MGASA-2024-0193 - Updated roundcubemail packages fix security vulnerabilities

Publication date: 25 May 2024
URL: https://advisories.mageia.org/MGASA-2024-0193.html
Type: security
Affected Mageia releases: 9

Description:
This is a security update to the stable version 1.6 of Roundcube
Webmail.
Fix cross-site scripting (XSS) vulnerability in handling SVG animate
attributes.
Reported by Valentin T. and Lutz Wolf of CrowdStrike.
Fix cross-site scripting (XSS) vulnerability in handling list columns
from user preferences.
Reported by Huy Nguyễn Phạm Nhật.
Fix command injection via crafted im_convert_path/im_identify_path on
Windows.
Reported by Huy Nguyễn Phạm Nhật.
This version is considered stable and we recommend to update all
productive installations of Roundcube 1.6.x with it. Please do backup
your data before updating!

References:
- https://bugs.mageia.org/show_bug.cgi?id=33229
- https://github.com/roundcube/roundcubemail/releases/tag/1...

SRPMS:
- 9/core/roundcubemail-1.6.7-1.mga9
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds