openSUSE Security Update : roundcubemail (openSUSE-2015-490)
High Nessus Plugin ID 84754
SynopsisThe remote openSUSE host is missing a security update.
Descriptionroundcubemail was updated to version 1.0.6 to fix many minor bugs and three security issues.
The following vulnerabilities were fixed :
- CVE-2015-2180: security improvement in DBMail driver of password plugin (shell execution)
- CVE-2015-2181: security improvement in DBMail driver of password plugin (multiple buffer overflows)
- security improvement in contact photo handling
SolutionUpdate the affected roundcubemail package.