Security
Headlines
HeadlinesLatestCVEs

Headline

Debian Security Advisory 5743-2

Debian Linux Security Advisory 5743-2 - Multiple cross-site scripting vulnerabilities were discovered in RoundCube webmail.

Packet Storm
#xss#vulnerability#web#linux#debian

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Debian Security Advisory DSA-5743-2 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
August 13, 2024 https://www.debian.org/security/faq


Package : roundcube
CVE ID : CVE-2024-42008 CVE-2024-42009 CVE-2024-42010

Multiple cross-site scripting vulnerabilities were discovered in
RoundCube webmail.

For the oldstable distribution (bullseye), these problems have been fixed in
version 1.4.15+dfsg.1-1+deb11u4.

For the stable distribution (bookworm), these problems have already been
addressed in DSA-5743-1. The initial fixes introduced a regression in
print previews, which has now been addressed in 1.6.5+dfsg-1+deb12u4.

We recommend that you upgrade your roundcube packages.

For the detailed security status of roundcube please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/roundcube

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAma7AK0ACgkQEMKTtsN8
TjaCLhAAj9ooFCqkks/zX1SUM0VpGOKCUwkUiAotKggBJnAOhCAeLJ++YXJeFpTx
h8Muye2jgC1BjpmA0HsdjtHDUOEWL73n2eG3obHEQG+WytJISfz7LyoFxJPBDZUA
bKs0+MMg8wA8VJJWZ8PIoYm4DaTjgVkiaCQQxJhRfZw/LNGFYN9Y9yEL2XrncR8I
fZoug/Iyl4+qC8zr2iYWHFs2TMZXMbYNLFRDY06J5XYFuQ0QPa7KbkN8UvXRNeK4
DOTrkQKeauJHmWl9gfJ9U8w+TYo8mYwU38NoEm/1x0lhqMk/A9KMyROJPuZmCD+R
QWMzULFdqLduvp+iMr0MSGeLnvzuX6AXME8K7JnMiELOmXWCVNAlTNFnmKBftUOZ
mh8MKlNkaGyNO2G9PGIeCNURGwI8NIN0UABZN9h289mn0QM195MuLZN/OZtUBH2s
FU9VAXg2Lw/WKaVj9gndSAv3aN68YN8efuXeTVnPTQaSdHsnBR0fT0yqZd1BWMFy
mq6oYxZGXfRgkb6/KwB/oY3dutXxtUj0GKdC7cQIG2oMyEcFN3Q5yG8oPHZHzgwJ
UYWwA46Jwhy1kRcYmukL+dGtwWsSM7yW6zjV8ifMxJ4zGMJjmMkPSWdKzG/otn7K
oVu/AMHnfCRY/RmXbg1uyuCmjamDZce1fPlDTuvHW+m0AHGvYqU=
=Y9uW
-----END PGP SIGNATURE-----

Related news

Debian Security Advisory 5743-1

Debian Linux Security Advisory 5743-1 - Multiple cross-site scripting vulnerabilities were discovered in RoundCube webmail.

Debian Security Advisory 5743-1

Debian Linux Security Advisory 5743-1 - Multiple cross-site scripting vulnerabilities were discovered in RoundCube webmail.

Debian Security Advisory 5743-1

Debian Linux Security Advisory 5743-1 - Multiple cross-site scripting vulnerabilities were discovered in RoundCube webmail.

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim's web browser and steal sensitive information from their account under specific circumstances. "When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim's

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim's web browser and steal sensitive information from their account under specific circumstances. "When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim's

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim's web browser and steal sensitive information from their account under specific circumstances. "When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim's

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution