Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2024-0193
HistoryMay 26, 2024 - 2:39 a.m.

Updated roundcubemail packages fix security vulnerabilities

2024-05-2602:39:14
Gentoo Foundation
advisories.mageia.org
11
roundcubemail
security update
xss
command injection
vulnerability
windows

6.8 Medium

AI Score

Confidence

High

JSON

This is a security update to the stable version 1.6 of Roundcube Webmail. Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike. Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences. Reported by Huy Nguyễn Phạm Nhật. Fix command injection via crafted im_convert_path/im_identify_path on Windows. Reported by Huy Nguyễn Phạm Nhật. This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!

OSVersionArchitecturePackageVersionFilename
Mageia9noarchroundcubemail< 1.6.7-1roundcubemail-1.6.7-1.mga9

6.8 Medium

AI Score

Confidence

High

JSON