Posted: Wed Jul 12, 2017 1:26 pm Post subject: [ GLSA 201707-11 ] RoundCube
Gentoo Linux Security Advisory
Title: RoundCube: Security bypass (GLSA 201707-11)
Synopsis: A vulnerability in RoundCube may allow authenticated users to
bypass security restrictions.
Background: Free and open source webmail software for the masses, written in PHP.
Affected package: mail-client/roundcube
Vulnerable: < 1.2.5
Unaffected: >= 1.2.5
Architectures: All supported architectures
Description: Authenticated users can arbitrarily reset passwords due to a problem
caused by an improperly restricted exec call in the virtualmin and sasl
drivers of the password plugin.
Impact: Authenticated users can bypass security restrictions and elevate
Workaround: There is no known workaround at this time.
Resolution: All RoundCube users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/roundcube-1.2.5"
Last edited by GLSA on Fri Sep 29, 2017 4:16 am; edited 1 time in total