<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p><span class="im">==============================<wbr>==============================<wbr>==============<br>
Ubuntu Security Notice USN-7200-1<br>
January 13, 2025<br>
<br>
roundcube vulnerability<br>
==============================<wbr>==============================<wbr>==============<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 16.04 LTS<br>
<br>
Summary:<br>
<br>
Roundcube could be made to expose sensitive information.<br>
<br>
Software Description:<br>
- roundcube: skinnable AJAX based webmail solution for IMAP
servers - metapack<br>
<br>
Details:<br>
<br>
It was discovered that Roundcube incorrectly handled certain
file-based<br>
attachment plugins. An attacker could exploit this to gain
unauthorized<br>
</span>
access to arbitrary files on the host’s file system.</p>
<div class="yj6qo ajU">
<div id=":190" class="ajR" role="button" tabindex="0"
aria-label="Hide expanded content" aria-expanded="true"
data-tooltip="Hide expanded content"><img class="ajT"
src="https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif"></div>
</div>
<div class="adm"></div>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 16.04 LTS<br>
roundcube-core 1.2~beta+dfsg.1-0ubuntu1+esm5<br>
Available with Ubuntu Pro<br>
roundcube-plugins 1.2~beta+dfsg.1-0ubuntu1+esm5<br>
Available with Ubuntu Pro<br>
<br>
In general, a standard system update will make all the necessary
changes.<br>
<br>
References:<br>
<a href="https://ubuntu.com/security/notices/USN-7200-1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-7200-1&source=gmail&ust=1736855924718000&usg=AOvVaw0iin4sc8Zn2BKJqfjUhz_t">https://ubuntu.com/security/no<wbr>tices/USN-7200-1</a><br>
CVE-2017-16651
</body>
</html>