Fedora 23 : roundcubemail-1.1.4-2.fc23 (2015-6e299214b8)

high Nessus Plugin ID 89273

Synopsis

The remote Fedora host is missing a security update.

Description

**Release 1.1.4**

- Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582)
- Fix duplicate messages in list and wrong count after delete (#1490572)
- Fix so Installer requires PHP5
- Make brute-force attacks harder by re-generating security token on every failed login (#1490549)
- Slow down brute-force attacks by waiting for a second after failed login (#1490549)
- Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
- Fix mail view scaling on iOS (#1490551)
- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
- Fix responses list update issue after response name change (#1490555)
- Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
- Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
- Fix redundant blank lines when using HTML and top posting (#1490576)
- Fix redundant blank lines on start of text after html to text conversion (#1490577)
- Fix HTML sanitizer to skip `<!-- node type X -->` in output (#1490583)
- Fix invalid LDAP query in ACL user autocompletion (#1490591)
- Fix regression in displaying contents of message/rfc822 parts (#1490606)
- Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
- Fix PDF support detection in Firefox > 19 (#1490610)
- Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620)
- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)

**Packaging changes:**

* add .log suffix to all log file names, and rotate them all (may require switching back to the provided logrotate configuration)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected roundcubemail package.

See Also

https://bugs.php.net/bug.php?id=70757

https://bugzilla.redhat.com/show_bug.cgi?id=1269155

https://bugzilla.redhat.com/show_bug.cgi?id=1269164

http://www.nessus.org/u?59a6d575

Plugin Details

Severity: High

ID: 89273

File Name: fedora_2015-6e299214b8.nasl

Version: 2.3

Type: local

Agent: unix

Published: 3/4/2016

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:roundcubemail, cpe:/o:fedoraproject:fedora:23

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 1/7/2016

Reference Information