==========================================================================
Ubuntu Security Notice USN-8482-1
June 30, 2026

roundcube vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS

Summary:

Roundcube Webmail could be made to run programs as your login if it opened
a malicious website.

Software Description:
- roundcube: skinnable AJAX based webmail solution for IMAP servers - metapack 

Details:

It was discovered that Roundcube Webmail was prone to a Cross-Site-Scripting
(XSS) vulnerability via the animate tag in an SVG document. An attacker
could use this issue to execute arbitrary web script in the context of an 
affected user's session.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  roundcube                       1.6.11+dfsg-1ubuntu0.26.04.1~esm1
                                  Available with Ubuntu Pro
  roundcube-core                  1.6.11+dfsg-1ubuntu0.26.04.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8482-1
  CVE-2025-68461

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to