Mailinglist Archive: opensuse-updates (174 mails)

< Previous Next >
openSUSE-SU-2015:1904-1: moderate: Security update for roundcubemail
openSUSE Security Update: Security update for roundcubemail

Announcement ID: openSUSE-SU-2015:1904-1
Rating: moderate
References: #938840 #952006
Affected Products:
openSUSE 13.2
openSUSE 13.1

An update that contains security fixes can now be installed.


roundcubemail was updated to version 1.0.7 to fix two security issues.

These security issues were fixed:
- XSS issue in drag-n-drop file uploads
- Disallow unwanted access on files in the file system. The apache2
configuration file for roundcubemail allowed access to the
roundcubemail/bin folder and possibly /logs, /config and /temp, if these
were not symlinks (this was only the case when the configuration was
manually changed) (bsc#952006)

The package comes with a fixed configuration. If you modified the file
"/etc/apache2/conf.d/roundcubemail.conf", please replace it with the
configuration "roundcubemail.conf.rpmnew" and reapply your changes. After
that, a restart of apache2 is requried.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-699=1

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-699=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (noarch):


- openSUSE 13.1 (noarch):



< Previous Next >
This Thread
  • No further messages