Package name
roundcubemail
Date
2013-10-29
Advisory ID
MDVSA-2013:263
Affected versions
MES5 i586, MBS1 x86_64, MES5 x86_64

Problem description

A vulnerability has been discovered and corrected in roundcubemail:

It was discovered that Roundcube does not properly sanitize the
_session parameter in steps/utils/save_pref.inc when saving
preferences. The vulnerability can be exploited to overwrite
configuration settings, which subsequently allows random file access,
manipulated SQL queries and even code execution (CVE-2013-6172).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 43db9d920773fff72cdd3f7c7803c1f9  mes5/i586/roundcubemail-0.7.4-0.3mdvmes5.2.noarch.rpm 
 7ac3195a316ef50dc456784f64e59cba  mes5/SRPMS/roundcubemail-0.7.4-0.3mdvmes5.2.src.rpm

MBS1 x86_64

 2daded1fea6474865e158ae03855b54f  mbs1/x86_64/roundcubemail-0.8.6-1.2.mbs1.noarch.rpm 
 61f64e3bc8423e82f4ec22cd3b6e18fb  mbs1/SRPMS/roundcubemail-0.8.6-1.2.mbs1.src.rpm

MES5 x86_64

 4485b3258928a975c67a84b75fb1c072  mes5/x86_64/roundcubemail-0.7.4-0.3mdvmes5.2.noarch.rpm 
 7ac3195a316ef50dc456784f64e59cba  mes5/SRPMS/roundcubemail-0.7.4-0.3mdvmes5.2.src.rpm

References