CVE-2013-6172 in Roundcube (0.9.x, 0.8.x, 0.7.x)

Security announcements of interest to the AtomiCorp community, such as vulnerabilities in third-party applications.

Post by prupert

Hi all,

Today a security update was released for a critical vulnerability in Roundcube webmail. Updated versions (0.9.5 and 0.8.7) are already available on their website, and they also offer patches. If you are using Plesk 11.5.30, you have to rely on the response from Parallels; as of yet, they have not offered an update which fixes this vulnerability.

- Download the new versions from http://roundcube.net/download
- Patch for 0.9.x: https://github.com/roundcube/roundcubem ... b26ce.diff
- Patch for 0.8.x: https://github.com/roundcube/roundcubem ... aa33c.diff
- Patch for 0.7.x: https://github.com/roundcube/roundcubem ... 37274.diff

More details will soon be published under CVE-2013-6172.

Is ASL already protecting against this issue via their WAF rules? Possibly other ASL protection will also mitigate an attack exploiting this vulnerability.
Lemonbit Internet Dedicated Server Management