Category Archives: Advisories

USN-6944-1: curl vulnerability

Read Time:11 Second

Dov Murik discovered that curl incorrectly handled parsing ASN.1
Generalized Time fields. A remote attacker could use this issue to cause
curl to crash, resulting in a denial of service, or possibly obtain
sensitive memory contents.

Read More

roundcubemail-1.6.8-1.fc40

Read Time:1 Minute, 0 Second

FEDORA-2024-2e908e829a

Packages in this update:

roundcubemail-1.6.8-1.fc40

Update description:

Version 1.6.8

Managesieve: Protect special scripts in managesieve_kolab_master mode
Fix newmail_notifier notification focus in Chrome (#9467)
Fix fatal error when parsing some TNEF attachments (#9462)
Fix double scrollbar when composing a mail with many plain text lines (#7760)
Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
Fix bug where some messages could get malformed in an import from a MBOX file (#9510)
Fix invalid line break characters in multi-line text in Sieve scripts (#9543)
Fix bug where “with attachment” filter could fail on some fts engines (#9514)
Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
Fix bug where a long subject title could not be displayed in some cases (#9416)
Fix infinite loop when parsing malformed Sieve script (#9562)
Fix bug where imap_conn_option’s ‘socket’ was ignored (#9566)
Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009
Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008
Fix information leak (access to remote content) via insufficient CSS filtering CVE-2024-42010

Read More

roundcubemail-1.6.8-1.fc39

Read Time:1 Minute, 0 Second

FEDORA-2024-b60eb661a4

Packages in this update:

roundcubemail-1.6.8-1.fc39

Update description:

Version 1.6.8

Managesieve: Protect special scripts in managesieve_kolab_master mode
Fix newmail_notifier notification focus in Chrome (#9467)
Fix fatal error when parsing some TNEF attachments (#9462)
Fix double scrollbar when composing a mail with many plain text lines (#7760)
Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
Fix bug where some messages could get malformed in an import from a MBOX file (#9510)
Fix invalid line break characters in multi-line text in Sieve scripts (#9543)
Fix bug where “with attachment” filter could fail on some fts engines (#9514)
Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
Fix bug where a long subject title could not be displayed in some cases (#9416)
Fix infinite loop when parsing malformed Sieve script (#9562)
Fix bug where imap_conn_option’s ‘socket’ was ignored (#9566)
Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009
Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008
Fix information leak (access to remote content) via insufficient CSS filtering CVE-2024-42010

Read More

roundcubemail-1.5.8-1.el9

Read Time:22 Second

FEDORA-EPEL-2024-1b8e0ad5c2

Packages in this update:

roundcubemail-1.5.8-1.el9

Update description:

Version 1.5.8

Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009
Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008
Fix information leak (access to remote content) via insufficient CSS filtering CVE-2024-42010
Fix so install/update scripts do not require PEAR (#9037)

Read More

ZDI-24-1057: Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-7511.

Read More

ZDI-24-1055: Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7509.

Read More

ZDI-24-1054: Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7508.

Read More