openSUSE Security Update : roundcubemail (openSUSE-SU-2014:0365-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

roundcubemail was updated to 0.9.5 to fix bugs and security issues.

Fixed security issues :

- CVE-2013-6172: vulnerability in handling _session
argument of utils/save-prefs

New upstream release 0.9.5 (bnc#847179) (CVE-2013-6172)

- Fix failing vCard import when email address field
contains spaces

- Fix default spell-check configuration after Google
suspended their spell service

- Fix vulnerability in handling _session argument of

- Fix iframe onload for upload errors handling

- Fix address matching in Return-Path header on identity

- Fix text wrapping issue with long unwrappable lines

- Fixed misspelling: occured -> occurred

- Fixed issues where HTML comments inside style tag would
hang Internet Explorer

- Fix setting domain in virtualmin password driver

- Hide Delivery Status Notification option when
smtp_server is unset

- Display full attachment name using title attribute when
name is too long to display

- Fix attachment icon issue when rare font/language is

- Fix expanded thread root message styling after
refreshing messages list

- Fix issue where From address was removed from Cc and Bcc
fields when editing a draft

- Fix error_reporting directive check

- Fix de_DE localization of 'About' label in Help plugin

Solution :

Update the affected roundcubemail packages.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 75292

Bugtraq ID: 63300

CVE ID: CVE-2013-6172
