drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in roundcubemail
Name: |
Zwei Probleme in roundcubemail |
|
ID: |
FEDORA-2011-4038 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 15 |
|
Datum: |
Di, 29. März 2011, 08:29 |
|
Referenzen: |
http://trac.roundcube.net/changeset/4488
http://trac.roundcube.net/changeset/4490 |
|
Applikationen: |
RoundCube Webmail |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2011-4038 2011-03-25 06:40:01 ------------------------------------------------------------------------------- -
Name : roundcubemail Product : Fedora 15 Version : 0.5.1 Release : 1.fc15 URL : http://www.roundcube.net Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires the MySQL database or the PostgreSQL database. The user interface is fully skinnable using XHTML and CSS 2.
------------------------------------------------------------------------------- - Update Information:
Roundcube Webmail upstream has released v0.5.1 version: [1] http://trac.roundcube.net/wiki/Changelog
which adds one security hardening: 1), Security: add optional referer check to prevent CSRF in GET requests Relevant patches: [2] http://trac.roundcube.net/changeset/4503 [3] http://trac.roundcube.net/changeset/4504
and fixes two security flaws: 2), Security: protect login form submission from CSRF Relevant patch: [4] http://trac.roundcube.net/changeset/4490 3), Security: prevent from relaying malicious requests through modcss.inc Relevant patch: [5] http://trac.roundcube.net/changeset/4488
References: [6] http://www.openwall.com/lists/oss-security/2011/03/24/3 (CVE Request) [7] http://roundcube.net/news [8] http://sourceforge.net/news/?group_id=139281&id=297236 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #690457 - roundcubemail: v0.5.1 two security fixes [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=690457 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update roundcubemail' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|