Package name: roundcubemail
Date: 2013-04-21
Advisory ID: MDVSA-2013:149
Affected versions: MBS1 x86_64

Problem description

A vulnerability has been found and corrected in roundcubemail:

A local file inclusion flaw was found in the way RoundCube Webmail,
a browser-based multilingual IMAP client, performed validation
of the 'generic_message_footer' value provided via the web user
interface in certain circumstances. A remote attacker could issue a
specially-crafted request that, when processed by RoundCube Webmail,
could allow the attacker to obtain arbitrary files on the system that
are accessible with the privileges of the user running the RoundCube
Webmail client (CVE-2013-1904).

The updated packages have been upgraded to version 0.8.6, which
is not affected by this issue.

Updated packages

MBS1 x86_64

 2818bc91890e14ea575dd3e000af7dd1  mbs1/x86_64/roundcubemail-0.8.6-1.mbs1.noarch.rpm 
 2920a916b89a904922c7d0f308dd3c51  mbs1/SRPMS/roundcubemail-0.8.6-1.mbs1.src.rpm
