Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email
?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Home
Help
Search
Login
Register
Roundcube Community Forum
»
News and Announcements
»
News & Announcements
»
Security updates 0.9.5 and 0.8.7
« previous
next »
Print
Pages: [
1
]
Author
Topic: Security updates 0.9.5 and 0.8.7 (Read 5439 times)
SKaero
Administrator
Hero Member
Posts: 5,882
Security updates 0.9.5 and 0.8.7
«
on:
October 22, 2013, 03:10:37 PM »
We just published new releases which fix a recently reported vulnerability that allows an attacker to overrwrite configuration settings using user preferences. This can result in random file access, manipulated SQL queries and even code execution. The latter one only affects versions 0.8.6 and older.
Please update your installations with the new versions or patch them with the fixes listed below for the various older versions of Roundcube.
Download the latest version from roundcube.net/download
Patch for 0.9.x:
https://github.com/roundcube/roundcubemail/commit/4109bb26ce.diff
Patch for 0.8.x:
https://github.com/roundcube/roundcubemail/commit/eb433aa33c.diff
Patch for 0.7.x:
https://github.com/roundcube/roundcubemail/commit/1972037274.diff
More information about this vulnerability will be published under CVE-2013-6172.
Source:
http://roundcube.net/news/2013/10/21/security-updates-095-and-087/
Get it Now:
http://roundcube.net/download
Logged
SK
aero
Print
Pages: [
1
]
« previous
next »
Roundcube Community Forum
»
News and Announcements
»
News & Announcements
»
Security updates 0.9.5 and 0.8.7