openSUSE Security Update: Security update for roundcubemail
Announcement ID: openSUSE-SU-2016:0213-1
openSUSE Leap 42.1
An update that fixes one vulnerability is now available.
This update to roundcubemail 1.1.4 fixes the following issues:
- CVE-2015-8770: Path traversal vulnerability allowed code execution to
remote authenticated users if they were also upload files to the same
server through some other method (boo#962067)
This update also contains all upstream fixes in 1.1.4. The package was
updated to use generic PHP requirements for use with other prefixes than
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-80=1
To bring your system up-to-date, use "zypper patch".
- openSUSE Leap 42.1 (noarch):
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org