Release date:
Updated on:
Affected Systems:
RedHat Fedora 16
RedHat Fedora 15
RoundCube Webmail 0.3.1
RoundCube Webmail 0.2.2
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
Unaffected system:
RoundCube Webmail 0.5.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53453
CVE (CAN) ID: CVE-2011-1491
RoundCube Webmail is a browser-based IMAP client.
The logon form in versions earlier than Roundcube Webmail 0.5.1 does not properly process verified non-scheduled logins, allowing remote authenticated users to obtain sensitive information.
<* Source: vendor
Link: https://bugzilla.redhat.com/show_bug.cgi? Id = 690456
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
RedHat
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.redhat.com/apps/support/errata/index.html