Roundcube Security Vulnerability prior v1.2.3
Roundcube Security Vulnerability prior v1.2.3
is this an issue? and is it fixed? :-D
if not: how can i disable / uninstall coundcube i am not using it... thanks!
https://github.com/roundcube/roundcube ... elease-123
heise Security
08.12.2016 17:58 Uhr
https://www.heise.de/newsticker/meldung ... itrag.atom
if not: how can i disable / uninstall coundcube i am not using it... thanks!
https://github.com/roundcube/roundcube ... elease-123
heise Security
08.12.2016 17:58 Uhr
https://www.heise.de/newsticker/meldung ... itrag.atom
Re: Roundcube Security Vulnerability prior v1.2.3
To use this security breach you will need to have a local email account - so it is not a big problem like it is written on heise.de. As soon, as the new package is published (roundcube-core), you can install it over system upgrade (apt-get upgrade / yum update).
VestaCP does not provide an own roundcube version, if you want to disable roundcube, you can to this for example by removing the /webmail alias from the system:
if you want to re-enable it, you can create again the symlink:
This will work for Ubuntu and Debian, should be a similar way for CentOS/Redhat systems.
VestaCP does not provide an own roundcube version, if you want to disable roundcube, you can to this for example by removing the /webmail alias from the system:
Code: Select all
rm /etc/apache2/conf.d/roundcube.conf
service apache2 restart
Code: Select all
ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf
service apache2 restartRe: Roundcube Security Vulnerability prior v1.2.3
There seems to be no security issue with exim4 and VestaCP, the needed switches (-X and -O) will be ignored from exim4 sendmail. Source: https://www.heise.de/forum/heise-Securi ... 5767/show/
Re: Roundcube Security Vulnerability prior v1.2.3
Thank you for your fast and competent answers :)
(Y) *thumbs*up*
(Y) *thumbs*up*