openSUSE Local Security Checks : openSUSE Security Advisory (openSUSE-SU-2024:0328-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.856552

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (openSUSE-SU-2024:0328-1)

Resumen: The remote host is missing an update for the 'roundcubemail' package(s) announced via the openSUSE-SU-2024:0328-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'roundcubemail' package(s) announced via the openSUSE-SU-2024:0328-1 advisory.

Vulnerability Insight:
This update for roundcubemail fixes the following issues:

Update to 1.6.8 This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to recently reported security vulnerabilities:

* Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
* Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
* Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]

CHANGELOG

* Managesieve: Protect special scripts in managesieve_kolab_master mode
* Fix newmail_notifier notification focus in Chrome (#9467)
* Fix fatal error when parsing some TNEF attachments (#9462)
* Fix double scrollbar when composing a mail with many plain text lines (#7760)
* Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
* Fix bug where some messages could get malformed in an import from a MBOX file (#9510)
* Fix invalid line break characters in multi-line text in Sieve scripts (#9543)
* Fix bug where 'with attachment' filter could fail on some fts engines (#9514)
* Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
* Fix bug where a long subject title could not be displayed in some cases (#9416)
* Fix infinite loop when parsing malformed Sieve script (#9562)
* Fix bug where imap_conn_option's 'socket' was ignored (#9566)
* Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
* Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
* Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]

Affected Software/OS:
'roundcubemail' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
9.4

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-42008
Common Vulnerability Exposure (CVE) ID: CVE-2024-42009
Common Vulnerability Exposure (CVE) ID: CVE-2024-42010

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.856552
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (openSUSE-SU-2024:0328-1)
Resumen:	The remote host is missing an update for the 'roundcubemail' package(s) announced via the openSUSE-SU-2024:0328-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'roundcubemail' package(s) announced via the openSUSE-SU-2024:0328-1 advisory. Vulnerability Insight: This update for roundcubemail fixes the following issues: Update to 1.6.8 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: * Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] * Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] * Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] CHANGELOG * Managesieve: Protect special scripts in managesieve_kolab_master mode * Fix newmail_notifier notification focus in Chrome (#9467) * Fix fatal error when parsing some TNEF attachments (#9462) * Fix double scrollbar when composing a mail with many plain text lines (#7760) * Fix decoding mail parts with multiple base64-encoded text blocks (#9290) * Fix bug where some messages could get malformed in an import from a MBOX file (#9510) * Fix invalid line break characters in multi-line text in Sieve scripts (#9543) * Fix bug where 'with attachment' filter could fail on some fts engines (#9514) * Fix bug where an unhandled exception was caused by an invalid image attachment (#9475) * Fix bug where a long subject title could not be displayed in some cases (#9416) * Fix infinite loop when parsing malformed Sieve script (#9562) * Fix bug where imap_conn_option's 'socket' was ignored (#9566) * Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] * Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] * Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] Affected Software/OS: 'roundcubemail' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 9.4 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-42008 Common Vulnerability Exposure (CVE) ID: CVE-2024-42009 Common Vulnerability Exposure (CVE) ID: CVE-2024-42010
Copyright	Copyright (C) 2024 Greenbone AG