Fedora 15 : roundcubemail-0.5.1-1.fc15 (2011-4038)

high Nessus Plugin ID 53201

Synopsis

The remote Fedora host is missing a security update.

Description

Roundcube Webmail upstream has released version 0.5.1: [1] http://trac.roundcube.net/wiki/Changelog

The release adds one security hardening measure:

1) Security: add optional referer check to prevent CSRF in GET requests. Relevant patches: [2] http://trac.roundcube.net/changeset/4503 [3] http://trac.roundcube.net/changeset/4504

It also fixes two security flaws:

2) Security: protect login form submission from CSRF. Relevant patch: [4] http://trac.roundcube.net/changeset/4490

3) Security: prevent from relaying malicious requests through modcss.inc. Relevant patch: [5] http://trac.roundcube.net/changeset/4488

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected roundcubemail package.

See Also

http://roundcube.net/news/

http://www.nessus.org/u?3e4357ad

http://trac.roundcube.net/changeset/4488

http://trac.roundcube.net/changeset/4490

http://trac.roundcube.net/changeset/4503

http://trac.roundcube.net/changeset/4504

https://github.com/roundcube/roundcubemail/wiki/Changelog

https://www.openwall.com/lists/oss-security/2011/03/24/3

http://www.nessus.org/u?c9143218

Plugin Details

Severity: High

ID: 53201

File Name: fedora_2011-4038.nasl

Version: 1.11

Type: local

Agent: unix

Published: 3/29/2011

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:roundcubemail, cpe:/o:fedoraproject:fedora:15

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 3/25/2011

Reference Information

FEDORA: 2011-4038