http://bugzilla.opensuse.org/show_bug.cgi?id=952006
http://bugzilla.opensuse.org/show_bug.cgi?id=952006#c1
Aeneas Jaißle changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |security-team@suse.de
Flags| |needinfo?(security-team@sus
| |e.de)
--- Comment #1 from Aeneas Jaißle ---
https://build.opensuse.org/request/show/340988
This update fixes one security issue and one bug.
roundcubemail was updated to disallow unwanted access on files in the file
system.
The apache2 configuration file for roundcubemail allowed access to the
roundcubemail/bin folder and possibly /logs, /config and /temp, if these were
not symlinks (this is only the case when manually changed).
This update comes with a fixed configuration. If you modified the file
"/etc/apache2/conf.d/roundcubemail.conf", please replace it with the
configuration "roundcubemail.conf.rpmnew" and reapply your changes. After that,
a restart of apache2 is requried.
This update also fixes an issue that causes apache2 not to start because
"mod_version.c" is not loaded.
--
You are receiving this mail because:
You are on the CC list for the bug.