{"id":58840,"date":"2024-08-13T18:49:55","date_gmt":"2024-08-13T15:49:55","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/180086\/dsa-5743-2.txt"},"modified":"2024-08-13T18:49:55","modified_gmt":"2024-08-13T15:49:55","slug":"debian-security-advisory-5743-2","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/debian-security-advisory-5743-2\/","title":{"rendered":"Debian Security Advisory 5743-2"},"content":{"rendered":"<p>&#8212;&#8211;BEGIN PGP SIGNED MESSAGE&#8212;&#8211;<br \/>Hash: SHA512<\/p>\n<p>&#8211; &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<br \/>Debian Security Advisory DSA-5743-2 security@debian.org<br \/>https:\/\/www.debian.org\/security\/ Moritz Muehlenhoff<br \/>August 13, 2024 https:\/\/www.debian.org\/security\/faq<br \/>&#8211; &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<\/p>\n<p>Package : roundcube<br \/>CVE ID : CVE-2024-42008 CVE-2024-42009 CVE-2024-42010<\/p>\n<p>Multiple cross-site scripting vulnerabilities were discovered in<br \/>RoundCube webmail.<\/p>\n<p>For the oldstable distribution (bullseye), these problems have been fixed in<br \/>version 1.4.15+dfsg.1-1+deb11u4.<\/p>\n<p>For the stable distribution (bookworm), these problems have already been<br \/>addressed in DSA-5743-1. The initial fixes introduced a regression in<br \/>print previews, which has now been addressed in 1.6.5+dfsg-1+deb12u4.<\/p>\n<p>We recommend that you upgrade your roundcube packages.<\/p>\n<p>For the detailed security status of roundcube please refer to<br \/>its security tracker page at:<br \/>https:\/\/security-tracker.debian.org\/tracker\/roundcube<\/p>\n<p>Further information about Debian Security Advisories, how to apply<br \/>these updates to your system and frequently asked questions can be<br \/>found at: https:\/\/www.debian.org\/security\/<\/p>\n<p>Mailing list: debian-security-announce@lists.debian.org<br \/>&#8212;&#8211;BEGIN PGP SIGNATURE&#8212;&#8211;<\/p>\n<p>iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAma7AK0ACgkQEMKTtsN8<br \/>TjaCLhAAj9ooFCqkks\/zX1SUM0VpGOKCUwkUiAotKggBJnAOhCAeLJ++YXJeFpTx<br \/>h8Muye2jgC1BjpmA0HsdjtHDUOEWL73n2eG3obHEQG+WytJISfz7LyoFxJPBDZUA<br \/>bKs0+MMg8wA8VJJWZ8PIoYm4DaTjgVkiaCQQxJhRfZw\/LNGFYN9Y9yEL2XrncR8I<br \/>fZoug\/Iyl4+qC8zr2iYWHFs2TMZXMbYNLFRDY06J5XYFuQ0QPa7KbkN8UvXRNeK4<br \/>DOTrkQKeauJHmWl9gfJ9U8w+TYo8mYwU38NoEm\/1x0lhqMk\/A9KMyROJPuZmCD+R<br \/>QWMzULFdqLduvp+iMr0MSGeLnvzuX6AXME8K7JnMiELOmXWCVNAlTNFnmKBftUOZ<br \/>mh8MKlNkaGyNO2G9PGIeCNURGwI8NIN0UABZN9h289mn0QM195MuLZN\/OZtUBH2s<br \/>FU9VAXg2Lw\/WKaVj9gndSAv3aN68YN8efuXeTVnPTQaSdHsnBR0fT0yqZd1BWMFy<br \/>mq6oYxZGXfRgkb6\/KwB\/oY3dutXxtUj0GKdC7cQIG2oMyEcFN3Q5yG8oPHZHzgwJ<br \/>UYWwA46Jwhy1kRcYmukL+dGtwWsSM7yW6zjV8ifMxJ4zGMJjmMkPSWdKzG\/otn7K<br \/>oVu\/AMHnfCRY\/RmXbg1uyuCmjamDZce1fPlDTuvHW+m0AHGvYqU=<br \/>=Y9uW<br \/>&#8212;&#8211;END PGP SIGNATURE&#8212;&#8211;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8212;&#8211;BEGIN PGP SIGNED MESSAGE&#8212;&#8211;Hash: SHA512 &#8211; &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-Debian Security Advisory DSA-5743-2 security@debian.orghttps:\/\/www.debian.org\/security\/ Moritz MuehlenhoffAugust 13, 2024 https:\/\/www.debian.org\/security\/faq&#8211; &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;- Package : roundcubeCVE ID : CVE-2024-42008 CVE-2024-42009 CVE-2024-42010 Multiple cross-site scripting vulnerabilities were discovered inRoundCube webmail. For the oldstable distribution (bullseye), these problems have been fixed inversion 1.4.15+dfsg.1-1+deb11u4. For the stable distribution (bookworm), these problems have already beenaddressed &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58840","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58840"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58840\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58840"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58840"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}