openSUSE Security Update : roundcubemail (openSUSE-SU-2013:1420-1)

medium Nessus Plugin ID 75132

Synopsis

The remote openSUSE host is missing a security update.

Description

roundcubemail was updated to version 0.9.3 (bnc#837436) (CVE-2013-5645)

- Optimized UI behavior for touch devices

- Fix setting refresh_interval to 'Never' in Preferences

- Fix purge action in folder manager

- Fix base URL resolving on attribute values with no quotes

- Fix wrong handling of links with '|' character

- Fix colorspace issue on image conversion using ImageMagick

- Fix XSS vulnerability when saving HTML signatures

- Fix XSS vulnerability when editing a message 'as new' or draft

- Fix rewrite rule in .htaccess

- Fix detecting Turkish language in ISO-8859-9 encoding

- Fix identity-selection using Return-Path headers

- Fix parsing of links with ... in URL

- Fix compose priority selector when opening in new window

- Fix bug where signature wasn't changed on identity selection when editing a draft

- Fix IMAP SETMETADATA parameters quoting

- Fix 'could not load message' error on valid empty message body

- Fix handling of message/rfc822 attachments on message forward and edit

- Fix parsing of square bracket characters in IMAP response strings

- Don't clear References and In-Reply-To when a message is 'edited as new'

- Fix messages list sorting with THREAD=REFS

- Remove deprecated (in PHP 5.5) PREG /e modifier usage

- Fix empty messages list when register_globals is enabled

- Fix so valid and set date.timezone is not required by installer checks

- Canonize boolean ini_get() results

- Fix so install does not fail when one of the DB driver checks fails but other drivers exist

- Fix so exported vCard specifies encoding in v3-compatible format

- Update to version 0.9.2

- Fix image thumbnails display in print mode

- Fix height of message headers block

- Fix timeout issue on drag&drop uploads

- Fix default sorting of threaded list when THREAD=REFS isn't supported

- Fix list mode switch to 'List' after saving list settings in Larry skin

- Fix error when there's no writeable addressbook source

- Fix zipdownload plugin issue with filenames charset

- Fix so non-inline images aren't skipped on forward

- Fix 'null' instead of empty string on messages list in IE10

- Fix legacy options handling

- Fix so bounce addresses in Sender headers are skipped on Reply-All

- Fix bug where serialized strings were truncated in PDO::quote()

- Fix displaying messages with invalid self-closing HTML tags

- Fix PHP warning when responding to a message with many Return-Path headers

- Fix unintentional compose window resize

- Fix performance regression in text wrapping function

- Fix connection to postgres db using unix socket

- Fix handling of comma when adding contact from contacts widget

- Fix bug where a message was opened in both preview pane and new window on double-click

- Fix fatal error when xdebug.max_nesting_level was exceeded in rcube_washtml

- Fix PHP warning in html_table::set_row_attribs() in PHP 5.4

- Fix invalid option selected in default_font selector when font is unset

- Fix displaying contact with ID divisible by 100 in sql addressbook

- Fix browser warnings on PDF plugin detection

- Fix fatal error when parsing UUencoded messages

- Update to version 0.9.1

- a lot of bugfixes and smaller improvements (http://trac.roundcube.net/wiki/Changelog)

- Update to version 0.9.0

- Improved rendering of forwarded and attached messages

- Optionally display and compose email messages in new windows

- Unified UI for message view and composition

- Show sender photos from contacts in email view

- Render thumbnails for image attachments

- Download all attachments as zip archive (using the zipdownload plugin)

- Forward multiple emails as attachments

- CSV import for contacts

Solution

Update the affected roundcubemail package.

See Also

https://github.com/roundcube/roundcubemail/wiki/Changelog

https://bugzilla.novell.com/show_bug.cgi?id=803091

https://bugzilla.novell.com/show_bug.cgi?id=837436

https://lists.opensuse.org/opensuse-updates/2013-09/msg00018.html

Plugin Details

Severity: Medium

ID: 75132

File Name: openSUSE-2013-687.nasl

Version: 1.7

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:roundcubemail, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/30/2013

Reference Information

CVE: CVE-2012-6121, CVE-2013-5645

BID: 57849, 61976