Fedora 38 : roundcubemail (2023-b2e5612471)

high Nessus Plugin ID 181832

Language:

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b2e5612471 advisory.

**Release 1.6.3**

- Fix bug where installto.sh/update.sh scripts were removing some essential options from the config file (#9051)
- Update jQuery-UI to version 1.13.2 (#9041)
- Fix regression that broke use_secure_urls feature (#9052)
- Fix potential PHP fatal error when opening a message with message/rfc822 part (#8953)
- Fix bug where a duplicate `<title>` tag in HTML email could cause some parts being cut off (#9029)
- Fix bug where a list of folders could have been sorted incorrectly (#9057)
- Fix regression where LDAP addressbook 'filter' option was ignored (#9061)
- Fix wrong order of a multi-folder search result when sorting by size (#9065)
- Fix so install/update scripts do not require PEAR (#9037)
- Fix regression where some mail parts could have been decoded incorrectly, or not at all (#9096)
- Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to non-binary FETCH (#9097)
- Fix PHP8 deprecation warning in the reconnect plugin (#9083)
- Fix Show source on mobile with x_frame_options = deny (#9084)
- Fix various PHP warnings (#9098)
- Fix deprecated use of ldap_connect() in password's ldap_simple driver (#9060)
- Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages




Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected roundcubemail package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2023-b2e5612471

Plugin Details

Severity: High

ID: 181832

File Name: fedora_2023-b2e5612471.nasl

Version: 1.1

Type: local

Agent: unix

Published: 9/24/2023

Updated: 11/14/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:38, p-cpe:/a:fedoraproject:fedora:roundcubemail

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/15/2023

Vulnerability Publication Date: 9/15/2023

Reference Information