Update: roundcubemail 1.1.12

Posted on by

We’re pleased to announce an update is available for the roundcubemail packages, version 1.1.12

This is a security and bugfix release for Kolab Enterprise 14, available for CentOS 6, CentOS 7, Debian 7, Debian 8, Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

The following issues are fixed;

  • Don’t ignore (global) userlogins/sendmail logs in per_user_logging mode
  • Fix security issue in remote content blocking on HTML image and style tags (#6178)
  • Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238)
  • Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)
  • Fix file disclosure vulnerability caused by insufficient input validation (#6026)
Posted in Errata and tagged , , , , , , .