Mandriva Update For Roundcubemail MDVSA-2010:048 (roundcubemail) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests (CVE-2010-0464). The updated packages have been patched to correct this issue.

Affected

roundcubemail on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2010-0464
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:038 (blender)
Mandrake Security Advisory MDVSA-2009:170 (initscripts)
Mandrake Security Advisory MDVSA-2009:058 (wireshark)
Mandrake Security Advisory MDVSA-2009:117 (ntp)
Mandrake Security Advisory MDVSA-2009:039 (gedit)

Mandriva Update for roundcubemail MDVSA-2010:048 (roundcubemail)

Take action and discover your vulnerabilities