Nome do pacote
roundcubemail
Data
2010-01-19
ID Alerta
MDVSA-2010:015
Versões afetadas
MES5 i586 , MES5 x86_64

Descrição do problema

Multiple vulnerabilities has been found and corrected in transmission:

A number of dependency probles were discovered and has been corrected
with this release (#56006).

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail
0.2.2 and earlier allows remote attackers to hijack the authentication
of unspecified users for requests that modify user information via
unspecified vectors, a different vulnerability than CVE-2009-4077
(CVE-2009-4076).

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail
0.2.2 and earlier allows remote attackers to hijack the authentication
of unspecified users for requests that send arbitrary emails via
unspecified vectors, a different vulnerability than CVE-2009-4076
(CVE-2009-4077).

The updated packages have been patched to correct these
issues. Additionally roundcubemail has been upgraded to 0.2.2 that
also fixes a number of upstream bugs.

Pacotes atualizados

MES5 i586

 a1f0123588ceb9641dcf271095c32a0c  mes5/i586/roundcubemail-0.2.2-0.1mdvmes5.noarch.rpm 
 9957258d449a99eea2065481183cb412  mes5/SRPMS/roundcubemail-0.2.2-0.1mdvmes5.src.rpm

MES5 x86_64

 bb7c6fb4c4d6c26fd352ef148e7dc099  mes5/x86_64/roundcubemail-0.2.2-0.1mdvmes5.noarch.rpm 
 9957258d449a99eea2065481183cb412  mes5/SRPMS/roundcubemail-0.2.2-0.1mdvmes5.src.rpm

Referências