Mandriva Update For Roundcubemail MDVSA-2010:048 (roundcubemail) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests (CVE-2010-0464). The updated packages have been patched to correct this issue.

Affected

roundcubemail on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2010-0464

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:110 (squirrelmail)
Mandrake Security Advisory MDVSA-2009:004 (pam_mount)
Mandrake Security Advisory MDVSA-2009:193 (ruby)
Mandrake Security Advisory MDVSA-2009:119 (kernel)
Mandrake Security Advisory MDVSA-2009:181 (bind)

Mandriva Update for roundcubemail MDVSA-2010:048 (roundcubemail)

Take action and discover your vulnerabilities