openSUSE Security Update : roundcubemail (openSUSE-2016-1533)
High Nessus Plugin ID 96247
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for roundcubemail fixes the following issues :
- Avoid HTML styles that could cause potential click jacking (boo#1001856)
- A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command (boo#1012493)
- Avoid sending completely empty text parts for multipart/alternative messages
- Don't create multipart/alternative messages with empty text/plain part
- Improved validation of FROM argument when sending mails
SolutionUpdate the affected roundcubemail package.