This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v. This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before
Posts Tagged Fedora Linux Distribution – Security Advisories
Qt 6.9.1 bugfix release.
Qt 6.9.1 bugfix release.
Qt 6.9.1 bugfix release.
Qt 6.9.1 bugfix release.
Qt 6.9.1 bugfix release.
Qt 6.9.1 bugfix release.
Qt 6.9.1 bugfix release.
Qt 6.9.1 bugfix release.
Qt 6.9.1 bugfix release.
Qt 6.9.1 bugfix release.
Qt 6.9.1 bugfix release.
Disallowing use of the arcfour-hmac(-md5) encryption type for session keys Add support for the PKINIT paChecksum2 sequence, required for Active Directory interoperability on Windows Server 2025 Fix generation of RADIUS Message-Authenticator in FIPS mode
Disallowing use of the arcfour-hmac(-md5) encryption type for session keys Add support for the PKINIT paChecksum2 sequence, required for Active Directory interoperability on Windows Server 2025 Fix generation of RADIUS Message-Authenticator in FIPS mode
Update to version 4.21.6
Fix CVE-2025-23016
Add patch for double free
Backport fixes for CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-46420, CVE-2025-46421, CVE-2025-4945
Typo fix in test patch
Add patch for double free
This release fixes an integer and heap buffer overflow when processing a user FastCGI request.
Update to 2.53.21
Update to 3.0.14 and fix CVE-2025-27110
Update to upstream 2.1-49. 20250512 Addition of 06-ad-01/0x20 (GNR-AP/SP H0) microcode at revision 0xa0000d1; Addition of 06-ad-01/0x95 (GNR-AP/SP B0) microcode at revision 0x10003a2;
31.0.5 release RHBZ#2364462 RHBZ#2366729 RHBZ#2366735
Update to 3.0.14 and fix CVE-2025-27110
Fix for local information disclosure in systemd-coredump (CVE-2025-4598) Various other fixes
Update to 137.0.7151.55 CVE-2025-5063: Use after free in Compositing CVE-2025-5280: Out of bounds write in V8 CVE-2025-5064: Inappropriate implementation in Background Fetch API CVE-2025-5065: Inappropriate implementation in FileSystemAccess API
Update to 137.0.7151.55 CVE-2025-5063: Use after free in Compositing CVE-2025-5280: Out of bounds write in V8 CVE-2025-5064: Inappropriate implementation in Background Fetch API CVE-2025-5065: Inappropriate implementation in FileSystemAccess API
Update to 128.11.0 https://www.thunderbird.net/en-US/thunderbird/128.11.0esr/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/