Mandriva Linux Security Advisory 2010:015: roundcubemail

36

Multiple vulnerabilities has been found and corrected in transmission:

A number of dependency probles were discovered and has been corrected
with this release (#56006).

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail
0.2.2 and earlier allows remote attackers to hijack the authentication
of unspecified users for requests that modify user information via
unspecified vectors, a different vulnerability than CVE-2009-4077
(CVE-2009-4076).

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail
0.2.2 and earlier allows remote attackers to hijack the authentication
of unspecified users for requests that send arbitrary emails via
unspecified vectors, a different vulnerability than CVE-2009-4076
(CVE-2009-4077).

The updated packages have been patched to correct these
issues. Additionally roundcubemail has been upgraded to 0.2.2 that
also fixes a number of upstream bugs…

Read More