Monday, January 13, 2025

[USN-7200-1] Roundcube vulnerability

==========================================================================
Ubuntu Security Notice USN-7200-1
January 13, 2025

roundcube vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Roundcube could be made to expose sensitive information.

Software Description:
- roundcube: skinnable AJAX based webmail solution for IMAP servers - metapack

Details:

It was discovered that Roundcube incorrectly handled certain file-based
attachment plugins. An attacker could exploit this to gain unauthorized
access to arbitrary files on the host's file system.


Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  roundcube-core                  1.2~beta+dfsg.1-0ubuntu1+esm5
                                  Available with Ubuntu Pro
  roundcube-plugins               1.2~beta+dfsg.1-0ubuntu1+esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7200-1
  CVE-2017-16651
