<![CDATA[iRedMail — Security: XSS vulnerability in roundcubemai-0.2-stable]]> 2009-05-20T16:39:06Z PunBB http://www.iredmail.org/forum/topic4-security-xss-vulnerability-in-roundcubemai02stable.html <![CDATA[Re: Security: XSS vulnerability in roundcubemai-0.2-stable]]> Successfully applied.

]]> http://www.iredmail.org/forum/user33.html 2009-05-20T16:39:06Z http://www.iredmail.org/forum/post122.html#p122 <![CDATA[Re: Security: XSS vulnerability in roundcubemai-0.2-stable]]> Thank you.

]]> http://www.iredmail.org/forum/user11.html 2009-05-07T14:15:35Z http://www.iredmail.org/forum/post29.html#p29 <![CDATA[Security: XSS vulnerability in roundcubemai-0.2-stable]]> Hi, all.

All users use iRedMail-0.4.0 which ships roundcubemail-0.2-stable should
apply this patch *as soon as possible*.

Description:

   There's a cross-site scripting (XSS) vulnerability in RoundCube
   Webmail (roundcubemail) 0.2 stable allows remote attackers to inject
   arbitrary web script or HTML via the background attribute embedded
   in an HTML e-mail message.

Reference:

   * CVE-2009-0413
     http://cve.mitre.org/cgi-bin/cvename.cg … -2009-0413

Patch attachted. Please follow the steps to apply it.

   * Backup your current roundcubemail directory. e.g. copy the whole
     directory to /opt/backup/.

# cp -rfp /var/www/roundcubemail-0.2-stable/ /opt/backup/

   * Download the patch, upload it to your mail server. We assume
     you upload it to /opt/

   * Change directory and apply the patch:

# cd /var/www/roundcubemail-0.2-stable/
# patch -p1 < /opt/roundcubemail-CVE-2009-0413.patch
patching file program/lib/washtml.php
]]> http://www.iredmail.org/forum/user2.html 2009-05-06T10:27:35Z http://www.iredmail.org/forum/post6.html#p6