openSUSE Security Update: Security update for roundcubemail ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1945-1 Rating: moderate References: #938840 #952006 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of roundcubemail fixes one security issue and one bug. - roundcubemail was updated to disallow unwanted access on files in the file system. The apache2 configuration file for roundcubemail previously allowed access to the roundcubemail/bin folder and possibly /logs, /config and /temp, if these were not symlinks (this is only the case when manually changed). This update comes with a fixed configuration. If you modified the file "/etc/apache2/conf.d/roundcubemail.conf", please replace it with the configuration "roundcubemail.conf.rpmnew" and reapply your changes. After that, a restart of apache2 is requried. - This update also fixes an issue that causes apache2 not to start because "mod_version.c" is not loaded. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2015-722=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (noarch): roundcubemail-1.1.3-3.1 References: https://bugzilla.suse.com/938840 https://bugzilla.suse.com/952006