MGASA-2013-0128
Date: May 2nd, 2013
Affected releases: 2
Media: Core
Description:
Updated roundcubemail package fixes security vulnerability:
A local file inclusion flaw was found in the way Round Cube Webmail
performed validation of the 'generic_message_footer' value provided
via the web user interface in certain circumstances. A remote attacker
could issue a specially-crafted request that, when processed by Round
Cube Webmail, could allow the attacker to obtain arbitrary files on the
system, accessible with the privileges of the user running the Round
Cube Webmail client (CVE-2013-1904).
Updated Packages:
i586:
roundcubemail-0.7.4-1.1.mga2.noarch.rpm
x86_64:
roundcubemail-0.7.4-1.1.mga2.noarch.rpm
SRPMS:
roundcubemail-0.7.4-1.1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1904
http://sourceforge.net/news/?group_id=139281&id=310497
http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.7.4/
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101623.html
https://bugs.mageia.org/show_bug.cgi?id=9640