Nome do pacote
roundcubemail
Data
2013-04-21
ID Alerta
MDVSA-2013:149
Versões afetadas
MBS1 x86_64

Descrição do problema

A vulnerability has been found and corrected in roundcubemail:

A local file inclusion flaw was found in the way RoundCube Webmail,
a browser-based multilingual IMAP client, performed validation
of the 'generic_message_footer' value provided via web user
interface in certain circumstances. A remote attacker could issue a
specially-crafted request that, when processed by RoundCube Webmail
could allow an attacker to obtain arbitrary file on the system,
accessible with the privileges of the user running RoundCube Webmail
client (CVE-2013-1904).

The updated packages have been upgraded to the 0.8.6 version which
is not affected by this issue.

Pacotes atualizados

MBS1 x86_64

 2818bc91890e14ea575dd3e000af7dd1  mbs1/x86_64/roundcubemail-0.8.6-1.mbs1.noarch.rpm 
 2920a916b89a904922c7d0f308dd3c51  mbs1/SRPMS/roundcubemail-0.8.6-1.mbs1.src.rpm

Referências