Detections
Analytics

openSUSE Security Update : roundcubemail (openSUSE-2020-1516)

critical Nessus Plugin ID 141069

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for roundcubemail fixes the following issues :

roundcubemail was upgraded to 1.3.15

This is a security update to the LTS version 1.3. (boo#1175135)

 - Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145]

 - Security: Fix cross-site scripting (XSS) via HTML messages with malicious math content

From 1.3.14 (boo#1173792 -> CVE-2020-15562)

 - Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace

From 1.3.13

 - Installer: Fix regression in SMTP test section (#7417)

From 1.3.12

 - Security: Better fix for CVE-2020-12641 (boo#1171148)

 - Security: Fix XSS issue in template object 'username' (#7406)

 - Security: Fix couple of XSS issues in Installer (#7406)

 - Security: Fix cross-site scripting (XSS) via malicious XML attachment

From 1.3.11 (boo#1171148 -> CVE-2020-12641 boo#1171040 -> CVE-2020-12625 boo#1171149 -> CVE-2020-12640)

 - Enigma: Fix compatibility with Mail_Mime >= 1.10.5

 - Fix permissions on some folders created by bin/install-jsdeps.sh script (#6930)

 - Fix bug where inline images could have been ignored if Content-Id header contained redundant spaces (#6980)

 - Fix PHP Warning: Use of undefined constant LOG_EMERGE (#6991)

 - Fix PHP warning: 'array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003)

 - Security: Fix XSS issue in handling of CDATA in HTML messages

 - Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings

 - Security: Fix local file inclusion (and code execution) via crafted 'plugins' option

 - Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302)

From 1.3.10 (boo#1146286)

 - Managesieve: Fix so 'Create filter' option does not show up when Filters menu is disabled (#6723)

 - Enigma: Fix bug where revoked users/keys were not greyed out in key info

 - Enigma: Fix error message when trying to encrypt with a revoked key (#6607)

 - Enigma: Fix 'decryption oracle' bug [CVE-2019-10740] (#6638)

- Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785)

 - Fix bug where bmp images couldn't be displayed on some systems (#6728)

 - Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)

 - Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758)

 - Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746)

 - Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793)

 - Fix bug where selection of columns on messages list wasn't working

 - Fix bug in converting multi-page Tiff images to Jpeg (#6824)

 - Fix wrong messages order after returning to a multi-folder search result (#6836)

 - Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866)

 - Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898)

 - Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899)

 - Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)

 - Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)

From 1.3.9 (boo#1115718)

 - Fix TinyMCE download location (#6694)

 - Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494)

 - Fix handling of empty entries in vCard import (#6564)

 - Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577)

 - Fix PHP 7.2 compatibility in debug_logger plugin (#6586)

 - Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581)

 - Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599)

 - Fix missing CSRF token on a link to download too-big message part (#6621)

 - Fix bug when aborting dragging with ESC key didn't stop the move action (#6623)

 - Fix bug where next row wasn't selected after deleting a collapsed thread (#6655)

From 1.3.8

- Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)

 - Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)

 - Enigma: Fix deleting keys with authentication subkeys (#6381)

 - Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)

 - Fix so Classic skin splitter does not escape out of window (#6397)

 - Fix XSS issue in handling invalid style tag content (#6410)

 - Fix compatibility with MySQL 8 - error on 'system' table use

 - Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)

 - New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)

 - Fix support for 'allow-from <uri>' in 'x_frame_options' config option (#6449)

 - Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)

 - Fix multiple VCard field search (#6466)

 - Fix session issue on long running requests (#6470)

From 1.3.7 (boo#1115719)

 - Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)

 - Fix bug where some parts of quota information could have been ignored (#6280)

 - Fix bug where some escape sequences in html styles could bypass security checks

 - Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names

 - Fix bug where only attachments with the same name would be ignored on zip download (#6301)

 - Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299)

 - Fix bug where after 'mark all folders as read' action message counters were not reset (#6307)

 - Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289)

 - Fix bug where some HTML comments could have been malformed by HTML parser (#6333)

Solution

Update the affected roundcubemail package.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1115718

https://bugzilla.opensuse.org/show_bug.cgi?id=1115719

https://bugzilla.opensuse.org/show_bug.cgi?id=1146286

https://bugzilla.opensuse.org/show_bug.cgi?id=1171040

https://bugzilla.opensuse.org/show_bug.cgi?id=1171148

https://bugzilla.opensuse.org/show_bug.cgi?id=1171149

https://bugzilla.opensuse.org/show_bug.cgi?id=1173792

https://bugzilla.opensuse.org/show_bug.cgi?id=1175135

Plugin Details

Severity: Critical

ID: 141069

File Name: openSUSE-2020-1516.nasl

Version: 1.4

Type: local

Agent: unix

Published: 9/30/2020

Updated: 2/16/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-12641

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:roundcubemail, cpe:/o:novell:opensuse:15.1, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/24/2020

Vulnerability Publication Date: 4/7/2019

CISA Known Exploited Vulnerability Due Dates: 7/13/2023

Reference Information

CVE: CVE-2019-10740, CVE-2020-12625, CVE-2020-12640, CVE-2020-12641, CVE-2020-15562, CVE-2020-16145