[USN-7200-1] Roundcube vulnerability
Chrisa Oikonomou
chrisa.oikonomou at canonical.com
Mon Jan 13 12:33:42 UTC 2025
==========================================================================
Ubuntu Security Notice USN-7200-1
January 13, 2025
roundcube vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Roundcube could be made to expose sensitive information.
Software Description:
- roundcube: skinnable AJAX based webmail solution for IMAP servers -
metapack
Details:
It was discovered that Roundcube incorrectly handled certain file-based
attachment plugins. An attacker could exploit this to gain unauthorized
access to arbitrary files on the host’s file system.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
roundcube-core 1.2~beta+dfsg.1-0ubuntu1+esm5
Available with Ubuntu Pro
roundcube-plugins 1.2~beta+dfsg.1-0ubuntu1+esm5
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7200-1
<https://ubuntu.com/security/notices/USN-7200-1>
CVE-2017-16651
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250113/a5317eb1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250113/a5317eb1/attachment.sig>
More information about the ubuntu-security-announce
mailing list