Security update for roundcubemail (important)

openSUSE security update: security update for roundcubemail ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20852-1 Rating: important References: bsc1266329 bsc1266331 bsc1266332 bsc1266333 bsc1266334 bsc1266335 bsc1266336 bsc1266337 Cross-Reference...

OPENSUSE-SU-2026:20852-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Changes in roundcubemail: - update to 1.6.16 + Fix potential too long value in IMAP ID command 10136 + Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog CVE-2026-48849 bsc1266337 + Security: Fix CSS...

OPENSUSE-SU-2026:10869-1 roundcubemail-1.6.16-2.1 on GA media

These are all security issues fixed in the roundcubemail-1.6.16-2.1 package on the GA media of openSUSE Tumbleweed...

ROS-20260508-73-0008

Vulnerability in roundcubemail related to the inclusion of features from an invalid controlled scope. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260508-73-0007

Vulnerability in roundcubemail related to the use of an insecure alternate channel. Exploitation of the vulnerability could allow an attacker acting remotely to modify user projects and/or device configuration via cip commands...

ROS-20260507-73-0006

Vulnerability in roundcubemail related to failure to take measures to protect web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260507-73-0003

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

ROS-20260507-73-0002

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

ROS-20260507-73-0001

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

ROS-20260507-73-0008

Vulnerability in roundcubemail related to a flaw in the deserialization mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260507-73-0007

Vulnerability in roundcubemail related to argument injection or modification. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...

ROS-20260506-73-0004

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

Mageia: Security Advisory (MGASA-2026-0089)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated roundcubemail packages fix security vulnerability

SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke And some regressions from the last fix are fixed...

Mageia: Security Advisory (MGASA-2026-0065)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2026-d684b372f1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : roundcubemail (2026-d684b372f1)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d684b372f1 advisory. Release 1.6.13 - Managesieve: Fix handling of string-list format values for date tests in Out of Office 10075 - Fix remote image blocking bypass via SVG...

Fedora 43 : roundcubemail (2025-58eb59741f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-58eb59741f advisory. Release 1.6.12 - Support IPv6 in database DSN 9937 - Don't force specific errorreporting setting - Fix compatibility with PHP 8.5 regarding arrayfir...

Fedora 42 : roundcubemail (2025-fec36f9eaf)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-fec36f9eaf advisory. Release 1.6.12 - Support IPv6 in database DSN 9937 - Don't force specific errorreporting setting - Fix compatibility with PHP 8.5 regarding arrayfir...

Fedora: Security Advisory (FEDORA-2025-fec36f9eaf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...