Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in RoundCube Webmail
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in RoundCube Webmail
ID: FEDORA-2016-d361d188d9
Distribution: Fedora
Plattformen: Fedora 25
Datum: So, 11. Dezember 2016, 10:54
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9920

Originalnachricht

Name        : roundcubemail
Product : Fedora 25
Version : 1.2.3
Release : 1.fc25
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

-------------------------------------------------------------------------------
-
Update Information:

**Version 1.2.3** - Searching in both contacts and groups when LDAP
addressbook
with group_filters option is used - Fix vulnerability in handling of
mail()'s
5th argument - Fix To: header encoding in mail sent with mail() method (#5475)
-
Fix flickering of header topline in min-mode (#5426) - Fix bug where folders
list would scroll to top when clicking on subscription checkbox (#5447) - Fix
decoding of GB2312/GBK text when iconv is not installed (#5448) - Fix
regression
where creation of default folders wasn't functioning without prefix (#5460)
-
Enigma: Fix bug where last records on keys list were hidden (#5461) - Enigma:
Fix key search with keyword containing non-ascii characters (#5459) - Fix bug
where deleting folders with subfolders could fail in some cases (#5466) - Fix
bug where IMAP password could be exposed via error message (#5472) - Fix bug
where it wasn't possible to store more that 2MB objects in memcache/apc,
Added
memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452) - Fix
"Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508)
- Fix
storing "empty" values in rcube_cache/rcube_cache_shared (#5519) - Fix
missing
content check when image resize fails on attachment thumbnail generation
(#5485)
- Fix displaying attached images with wrong Content-Type specified (#5527)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1403177 - CVE-2016-9920 roundcubemail: Code execution via mail()
https://bugzilla.redhat.com/show_bug.cgi?id=1403177
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade roundcubemail' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung