openSUSE Security Update : roundcubemail (openSUSE-2016-1205)

Medium Nessus Plugin ID 94215


The remote openSUSE host is missing a security update.


This update for roundcubemail to 1.1.6 fixes several issues (boo#1001856).

These security issues were fixed :

- Fix XSS issue in href attribute on area tag

- Wash position:fixed style in HTML mail for better security

These non-security issues were fixed :

- Searching in both contacts and groups when LDAP addressbook with group_filters option is used

- Use contact_search_name format in popup on results in compose contacts search

- Fix missing localization of HTML editor when assets_dir != INSTALL_PATH

- Fix handling of blockquote tags with mixed case on html2text conversion

- Fix message list multi-select/deselect issue

- Fix bug where contact search menu fields where always unchecked in Larry skin

- Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting

- Don't create multipart/alternative messages with empty text/plain part

- Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified


Update the affected roundcubemail package.

See Also

Plugin Details

Severity: Medium

ID: 94215

File Name: openSUSE-2016-1205.nasl

Version: $Revision: 2.1 $

Type: local

Agent: unix

Published: 2016/10/24

Modified: 2016/10/24

Dependencies: 12634

Risk Information

Risk Factor: Medium

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:roundcubemail, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2016/10/20