Advisories » MGASA-2018-0288

Updated roundcubemail packages fix security vulnerability

Publication date: 19 Jun 2018
Modification date: 19 Jun 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-9846

Description

Updated roundcubemail package fixes security vulnerability:

This update fixes a recently discovered IMAP command injection vulnerability 
caused by insufficient input validation within the archive plugin. 
(CVE-2018-9846).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22941
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z5Z2OC2XYT33AXQAC6NBFEM5PJNFVZRR/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9846

SRPMS

6/core

• roundcubemail-1.3.6-1.1.mga6