Support / Sécurité / Annonces de sécurité / Mandriva Enterprise Server 5 / MDVSA-2010:048

Nom du paquet: roundcubemail
Date: 2010-02-25
Advisory ID: MDVSA-2010:048
Affected versions: MES5 i586 , MES5 x86_64

Problem description

Roundcube 0.3.1 and earlier does not request that the web browser
avoid DNS prefetching of domain names contained in e-mail messages,
which makes it easier for remote attackers to determine the network
location of the webmail user by logging DNS requests (CVE-2010-0464).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 1460408d00268a040f799f7108e053cf  mes5/i586/roundcubemail-0.2.2-0.2mdvmes5.noarch.rpm 
 5038c1f4c0d9e00698cfec5e08ebbc92  mes5/SRPMS/roundcubemail-0.2.2-0.2mdvmes5.src.rpm

MES5 x86_64

 a211f68ea54063abb925f839c70252f2  mes5/x86_64/roundcubemail-0.2.2-0.2mdvmes5.noarch.rpm 
 5038c1f4c0d9e00698cfec5e08ebbc92  mes5/SRPMS/roundcubemail-0.2.2-0.2mdvmes5.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0464