Advisories » MGASA-2024-0279

Updated roundcubemail packages fix security vulnerabilities

Publication date: 15 Aug 2024
Modification date: 15 Aug 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-42010 , CVE-2024-42009 , CVE-2024-42008

Description

Fix XSS vulnerability in post-processing of sanitized HTML content
[CVE-2024-42009]
Fix XSS vulnerability in serving of attachments other than HTML or SVG
[CVE-2024-42008]
Fix information leak (access to remote content) via insufficient CSS
filtering [CVE-2024-42010]
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33460
• https://github.com/roundcube/roundcubemail/releases/tag/1.6.8
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008

SRPMS

9/core

• roundcubemail-1.6.8-1.mga9