|
Bugzilla – Full Text Bug Listing |
| Summary: | Tracker bug for roundcubemail (42.1-rc1) | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Distribution | Reporter: | Aeneas Jaißle <aj> |
| Component: | Security | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED DUPLICATE | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Minor | ||
| Priority: | P5 - None | CC: | astieger, security-team |
| Version: | Leap 42.1 RC1 1 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Aeneas Jaißle
2015-10-26 13:16:35 UTC
https://build.opensuse.org/request/show/340994 This update fixes one security issue and one bug. roundcubemail was updated to disallow unwanted access on files in the file system. The apache2 configuration file for roundcubemail allowed access to the roundcubemail/bin folder and possibly /logs, /config and /temp, if these were not symlinks (this is only the case when manually changed). This update comes with a fixed configuration. If you modified the file "/etc/apache2/conf.d/roundcubemail.conf", please replace it with the configuration "roundcubemail.conf.rpmnew" and reapply your changes. After that, a restart of apache2 is requried. This update also fixes an issue that causes apache2 not to start because "mod_version.c" is not loaded. Thanks *** This bug has been marked as a duplicate of bug 952006 *** |