drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in RoundCube Webmail
Name: |
Preisgabe von Informationen in RoundCube Webmail |
|
ID: |
FEDORA-2017-1560290881 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 26 |
|
Datum: |
Mo, 20. November 2017, 07:25 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16651 |
|
Applikationen: |
RoundCube Webmail |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2017-1560290881 2017-11-19 22:25:37.444141 ------------------------------------------------------------------------------- -
Name : roundcubemail Product : Fedora 26 Version : 1.3.3 Release : 1.fc26 URL : http://www.roundcube.net Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2.
------------------------------------------------------------------------------- - Update Information:
Upstream announcement for **version 1.3.3** This is a security update to the stable version 1.3. It primarily fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file- based attachment plugins, which are used by default. More details will be published under CVE-2017-16651. We strongly recommend to update all productive installations of Roundcube. Please do backup your data before updating! **Changelog** - Fix decoding of mailto: links with + character in HTML messages (#6020) - Fix false reporting of failed upgrade in installto.sh (#6019) - Fix file disclosure vulnerability caused by insufficient input validation **CVE-2017-16651** (#6026) - Fix mangled non-ASCII characters in links in HTML messages (#6028) ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade roundcubemail' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
|
|
|
|