openSUSE Security Update : roundcubemail (openSUSE-SU-2014:0365-1)

High Nessus Plugin ID 75292


The remote openSUSE host is missing a security update.


roundcubemail was updated to 0.9.5 to fix bugs and security issues.

Fixed security issues :

- CVE-2013-6172: vulnerability in handling _session argument of utils/save-prefs

New upstream release 0.9.5 (bnc#847179) (CVE-2013-6172)

- Fix failing vCard import when email address field contains spaces

- Fix default spell-check configuration after Google suspended their spell service

- Fix vulnerability in handling _session argument of utils/save-prefs

- Fix iframe onload for upload errors handling

- Fix address matching in Return-Path header on identity selection

- Fix text wrapping issue with long unwrappable lines

- Fixed mispelling: occured -> occurred

- Fixed issues where HTML comments inside style tag would hang Internet Explorer

- Fix setting domain in virtualmin password driver

- Hide Delivery Status Notification option when smtp_server is unset

- Display full attachment name using title attribute when name is too long to display

- Fix attachment icon issue when rare font/language is used

- Fix expanded thread root message styling after refreshing messages list

- Fix issue where From address was removed from Cc and Bcc fields when editing a draft

- Fix error_reporting directive check

- Fix de_DE localization of 'About' label in Help plugin


Update the affected roundcubemail packages.

See Also

Plugin Details

Severity: High

ID: 75292

File Name: openSUSE-2014-210.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:php5-pear-Net_IDNA2, p-cpe:/a:novell:opensuse:roundcubemail, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/03/14

Reference Information

CVE: CVE-2013-6172

BID: 63300