Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29334
HistoryMay 06, 2013 - 12:00 a.m.

[ MDVSA-2013:149 ] roundcubemail

2013-05-0600:00:00
vulners.com
26
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2013:149
http://www.mandriva.com/en/support/security/

Package : roundcubemail
Date : April 21, 2013
Affected: Business Server 1.0

Problem Description:

A vulnerability has been found and corrected in roundcubemail:

A local file inclusion flaw was found in the way RoundCube Webmail,
a browser-based multilingual IMAP client, performed validation
of the 'generic_message_footer' value provided via web user
interface in certain circumstances. A remote attacker could issue a
specially-crafted request that, when processed by RoundCube Webmail
could allow an attacker to obtain arbitrary file on the system,
accessible with the privileges of the user running RoundCube Webmail
client (CVE-2013-1904).

The updated packages have been upgraded to the 0.8.6 version which
is not affected by this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1904
http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/0.8.6/README_0.8.6.txt

Updated Packages:

Mandriva Business Server 1/X86_64:
2818bc91890e14ea575dd3e000af7dd1 mbs1/x86_64/roundcubemail-0.8.6-1.mbs1.noarch.rpm
2920a916b89a904922c7d0f308dd3c51 mbs1/SRPMS/roundcubemail-0.8.6-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRdU9MmqjQ0CJFipgRAplGAJ91hj+L/KCumCLElKZGhH7Tq1rYLACgsJwr
pyuv/xtaOMMHF+qaNu6mP/U=
=rl5L
-----END PGP SIGNATURE-----

Related

prion 1
nessus 5
freebsd 1
ubuntucve 1
cve 1
debiancve 1
openvas 4
fedora 2
securityvulns 1
prion
prion
Path traversal
2014-02-08 00:55:00
nessus
nessus
openSUSE Security Update : roundcubemail (openSUSE-SU-2013:0671-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : roundcubemail (MDVSA-2013:149)
2013-04-23 00:00:00
Fedora 17 : roundcubemail-0.8.6-1.fc17 (2013-4536)
2013-04-08 00:00:00
freebsd
freebsd
roundcube -- arbitrary file disclosure vulnerability
2013-03-27 00:00:00
ubuntucve
ubuntucve
CVE-2013-1904
2014-02-08 00:00:00
cve
cve
CVE-2013-1904
2014-02-08 00:55:00
debiancve
debiancve
CVE-2013-1904
2014-02-08 00:55:00
openvas
openvas
Fedora Update for roundcubemail FEDORA-2013-4564
2013-04-08 00:00:00
Fedora Update for roundcubemail FEDORA-2013-4536
2013-04-08 00:00:00
Fedora Update for roundcubemail FEDORA-2013-4564
2013-04-08 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: roundcubemail-0.8.6-1.fc18
2013-04-07 00:30:14
[SECURITY] Fedora 17 Update: roundcubemail-0.8.6-1.fc17
2013-04-07 00:41:17
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2013-05-06 00:00:00
JSON
Related for SECURITYVULNS:DOC:29334
prion1nessus5freebsd1ubuntucve1cve1debiancve1openvas4fedora2securityvulns1