6 matches found
Fedora 26 : roundcubemail (2017-7263e7d321)
Roundcube Webmail 1.2.5 This is a security update to the stable version 1.2. It primarily fixes a recently discovered vulnerability in the virtualmin and sasl drivers of the password plugin plus adds a few cherry-picked bug fixes from upstream versions. A detailed list of changes is shown below...
Updated roundcubemail packages fix security vulnerability
It was discovered that roundcubemail prior to 1.0.11 contained a vulnerability in the virtualmin and sasl drivers of the password plugin CVE-2017-8114...
MGASA-2017-0181 Updated roundcubemail packages fix security vulnerability
It was discovered that roundcubemail prior to 1.0.11 contained a vulnerability in the virtualmin and sasl drivers of the password plugin CVE-2017-8114...
Internet Bug Bounty: Roundcube virtualmin privilege escalation (CVE-2017-8114)
Description Password plugin in its virtualmin driver allows to an attacker, that has a valid username/password to login in his web panel, to execute malicious inputs. This could allow to an attacker to reset victim's password and in some scenarios getting a system shell. CVE CVE-2017-8114 Details...
openSUSE Security Update : roundcubemail (openSUSE-2017-580)
This update for roundcubemail fixes one security issues and two bugs. The following vulnerability was fixed : - CVE-2017-8114: Authenticated users may have reset arbitrary passwords boo1036955 The following upstream bugs were fixed : - Fix regression in LDAP fuzzy search where it always used pref...
CVE-2017-8114
CVE-2017-8114: Roundcube Webmail vulnerability where authenticated users can arbitrarily reset passwords due to an improperly restricted exec call in the password plugin’s virtualmin and sasl drivers. Affected: <1.0.11, 1.1.x <1.1.9, 1.2.x