Login-Name Passwort


Sicherheit: Ausführen beliebiger Kommandos in RoundCube Webmail
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in RoundCube Webmail
ID: FEDORA-2016-b4896f20b3
Distribution: Fedora
Plattformen: Fedora 23
Datum: Mi, 14. Dezember 2016, 07:47
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9920


Name        : roundcubemail
Product : Fedora 23
Version : 1.2.3
Release : 1.fc23
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

Update Information:

**Version 1.2.3** - Searching in both contacts and groups when LDAP
with group_filters option is used - Fix vulnerability in handling of
5th argument - Fix To: header encoding in mail sent with mail() method (#5475)
Fix flickering of header topline in min-mode (#5426) - Fix bug where folders
list would scroll to top when clicking on subscription checkbox (#5447) - Fix
decoding of GB2312/GBK text when iconv is not installed (#5448) - Fix
where creation of default folders wasn't functioning without prefix (#5460)
Enigma: Fix bug where last records on keys list were hidden (#5461) - Enigma:
Fix key search with keyword containing non-ascii characters (#5459) - Fix bug
where deleting folders with subfolders could fail in some cases (#5466) - Fix
bug where IMAP password could be exposed via error message (#5472) - Fix bug
where it wasn't possible to store more that 2MB objects in memcache/apc,
memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452) - Fix
"Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508)
- Fix
storing "empty" values in rcube_cache/rcube_cache_shared (#5519) - Fix
content check when image resize fails on attachment thumbnail generation
- Fix displaying attached images with wrong Content-Type specified (#5527)

[ 1 ] Bug #1403177 - CVE-2016-9920 roundcubemail: Code execution via mail()

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade roundcubemail' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Traut euch!
Neue Nachrichten