Detections
Analytics

openSUSE Security Update : roundcubemail (openSUSE-2016-1205)

medium Nessus Plugin ID 94215

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for roundcubemail to 1.1.6 fixes several issues (boo#1001856).

These security issues were fixed :

 - Fix XSS issue in href attribute on area tag

 - Wash position:fixed style in HTML mail for better security

These non-security issues were fixed :

 - Searching in both contacts and groups when LDAP addressbook with group_filters option is used

 - Use contact_search_name format in popup on results in compose contacts search

 - Fix missing localization of HTML editor when assets_dir != INSTALL_PATH

 - Fix handling of blockquote tags with mixed case on html2text conversion

 - Fix message list multi-select/deselect issue

 - Fix bug where contact search menu fields where always unchecked in Larry skin

 - Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting

 - Don't create multipart/alternative messages with empty text/plain part

 - Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified

Solution

Update the affected roundcubemail package.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1001856

Plugin Details

Severity: Medium

ID: 94215

File Name: openSUSE-2016-1205.nasl

Version: 2.3

Type: local

Agent: unix

Published: 10/24/2016

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:roundcubemail, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 10/20/2016