--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-4693
2015-03-26 16:44:51
--------------------------------------------------------------------------------

Name        : owncloud
Product     : Fedora 20
Version     : 7.0.5
Release     : 2.fc20
URL         : https://owncloud.com/
Summary     : Private file sync and share server
Description :
ownCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. ownCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

This update provides the new release 7.0.5, which resolves currently undisclosed security vulnerabilities in ownCloud.

It is a minor version update and should apply without any issues or special handling, but as usual, we recommend backing up your data, configuration, and database before updating.

We have also backported a post-7.0.5 fix for a 'critical' issue: https://github.com/owncloud/core/issues/14843 .
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2015 Adam Williamson  - 7.0.5-2
- fix patch backported in previous build (upstream made a booboo)
* Mon Mar 23 2015 Adam Williamson  - 7.0.5-1
- new release 7.0.5 (fixes yet-undisclosed vulns, #1204821 #1204823)
- also backport fix for 'severe' upstream issue #14843
* Sun Feb 22 2015 Adam Williamson  - 7.0.4-3
- revise and strengthen Apache configuration layout, fix external apps
- fix external apps for Nginx
* Sat Dec 20 2014 Adam Williamson  - 7.0.4-2
- backport upstream support for google PHP lib 1.x and unbundle it
* Tue Dec  9 2014 Adam Williamson  - 7.0.4-1
- new release 7.0.4
* Tue Nov 25 2014 Adam Williamson  - 7.0.3-3
- fix dropbox autoload patch (thanks Tomas Dolezal) #1168082
* Tue Nov 11 2014 Adam Williamson  - 7.0.3-2
- drop unnecessary bits from 3rdparty_includes.patch
- split Dropbox loading changes into a separate patch (submitted upstream)
* Mon Nov 10 2014 Adam Williamson  - 7.0.3-1
- new release 7.0.3
* Wed Oct 29 2014 Adam Williamson  - 7.0.2-4
- db sub-packages should not depend on db server packages
- improve README
- improve db sub-package descriptions
- don't check for new versions or working .htaccess files
* Tue Oct 28 2014 Adam Williamson  - 7.0.2-3
- drop unnecessary deps: php-gmp (#1152438) and Net_Curl(#999720)
- re-arrange deps in spec to be the way I like 'em
* Tue Sep  9 2014 Adam Williamson  - 7.0.2-2
- 10927.patch: backport fix for an upgrade bug (upstream #10762)
* Thu Aug 28 2014 Adam Williamson  - 7.0.2-1
- update to 7.0.2
- update patch for using Composer autoloader with 3rdparty deps
* Wed Aug 20 2014 Adam Williamson  - 7.0.1-2
- make php directives in httpd config conditional on mod_php (FPM compat)
* Wed Aug 20 2014 Adam Williamson  - 7.0.1-1
- update to 7.0.1
- drop contact_type.patch (merged upstream)
* Tue Jul 29 2014 Adam Williamson  - 7.0.0-6
- do not ship upstream's 'updater' app (it'll only lead to tears)
- don't patch and ship OC's sample config, write a stub instead
* Tue Jul 29 2014 Adam Williamson  - 7.0.0-5
- fix up sabre paths right this time
* Tue Jul 29 2014 Adam Williamson  - 7.0.0-4
- more autoloader tweaking
- use composer not OC autoloader for legacy 3rdparty includes (core#9643)
- specify explicit paths to Sabre deps
* Sun Jul 27 2014 Adam Williamson  - 7.0.0-3
- update apache config for OC 7 changes
- drop unneeded isoft/mssql-bundle from 3rdparty
* Sun Jul 27 2014 Adam Williamson  - 7.0.0-2
- opcache_invalidate.patch: avoid triggering a crash in the PHP opcache
- contact_type.patch: fix selection of current field type in contact view
* Thu Jul 24 2014 Adam Williamson  - 7.0.0-1
- 7.0.0
- rediff 3rdparty_includes.patch
- update 3rdparty strip commands and dependencies for upstream changes
- update dependencies
* Mon Jun 30 2014 Gregor Tätzner  - 6.0.4-1
- 6.0.4
* Sat Jun  7 2014 Fedora Release Engineering  - 6.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May  1 2014 Gregor Tätzner  - 6.0.3-1
- 6.0.3
- update symfony routing patch
* Tue Mar  4 2014 Gregor Tätzner  - 6.0.2-1
- 6.0.2
* Mon Feb 24 2014 Adam Williamson  - 6.0.1-3
- set a minimum ver on the DBAL req for safety (using with 2.3 is dangerous)
* Mon Jan 27 2014 Adam Williamson  - 6.0.1-2
- unbundle phpseclib (packaged now)
* Thu Jan 23 2014 Gregor Tätzner  - 6.0.1-1
- 6.0.1
* Tue Jan 14 2014 Gregor Tätzner   - 6.0.0a-9
- fix routing with symfony 2.3
* Fri Jan 10 2014 Adam Williamson  - 6.0.0a-8
- make a warning OC keeps triggering into a debug message
* Thu Jan  9 2014 Adam Williamson  - 6.0.0a-7
- re-enable irods, patch loading of it, add dependency on it
* Fri Jan  3 2014 Adam Williamson  - 6.0.0a-6
- disable irods a bit harder
* Fri Jan  3 2014 Adam Williamson  - 6.0.0a-5
- drop non-existent OC_User_IMAP from config file
* Fri Jan  3 2014 Adam Williamson  - 6.0.0a-4
- apps_3rdparty_includes: fix more 3rdparty loading stuff
- disable_irods: disable storage app's irods (it's broken)
* Mon Dec 30 2013 Adam Williamson  - 6.0.0a-3
- tar-include, blowfish-include, dropbox-include: fix more paths
* Mon Dec 30 2013 Adam Williamson  - 6.0.0a-2
- dropbox-include.patch: fix loading of system copy of php-Dropbox
* Sun Dec 22 2013 Adam Williamson  - 6.0.0a-1
- 6.0.0a
* Sun Dec 22 2013 Gregor Tätzner  - 6.0.0-1
- 6.0.0
* Fri Dec 20 2013 Adam Williamson  - 5.0.14a-2
- Correct location of php-symfony-routing: #1045301
* Fri Dec 20 2013 Adam Williamson  - 5.0.14a-1
- 5.0.14a
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1204821 - owncloud: new security issues fixed upstream in 6.0.7 and 7.0.5
        https://bugzilla.redhat.com/show_bug.cgi?id=1204821
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update owncloud' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Fedora 20: owncloud Security Update

April 18, 2015
This update provides the new release 7.0.5, which resolves currently undisclosed security vulnerabilities in ownCloud

Summary

ownCloud gives you universal access to your files through a web interface or

WebDAV. It also provides a platform to easily view & sync your contacts,

calendars and bookmarks across all your devices and enables basic editing right

on the web. ownCloud is extendable via a simple but powerful API for

applications and plugins.

Update Information:

This update provides the new release 7.0.5, which resolves currently undisclosed security vulnerabilities in ownCloud.

It is a minor version update and should apply without any issues or special handling, but as usual, we recommend backing up your data, configuration, and database before updating.

We have also backported a post-7.0.5 fix for a 'critical' issue: https://github.com/owncloud/core/issues/14843 .

Change Log

* Tue Mar 24 2015 Adam Williamson - 7.0.5-2 - fix patch backported in previous build (upstream made a booboo) * Mon Mar 23 2015 Adam Williamson - 7.0.5-1 - new release 7.0.5 (fixes yet-undisclosed vulns, #1204821 #1204823) - also backport fix for 'severe' upstream issue #14843 * Sun Feb 22 2015 Adam Williamson - 7.0.4-3 - revise and strengthen Apache configuration layout, fix external apps - fix external apps for Nginx * Sat Dec 20 2014 Adam Williamson - 7.0.4-2 - backport upstream support for google PHP lib 1.x and unbundle it * Tue Dec 9 2014 Adam Williamson - 7.0.4-1 - new release 7.0.4 * Tue Nov 25 2014 Adam Williamson - 7.0.3-3 - fix dropbox autoload patch (thanks Tomas Dolezal) #1168082 * Tue Nov 11 2014 Adam Williamson - 7.0.3-2 - drop unnecessary bits from 3rdparty_includes.patch - split Dropbox loading changes into a separate patch (submitted upstream) * Mon Nov 10 2014 Adam Williamson - 7.0.3-1 - new release 7.0.3 * Wed Oct 29 2014 Adam Williamson - 7.0.2-4 - db sub-packages should not depend on db server packages - improve README - improve db sub-package descriptions - don't check for new versions or working .htaccess files * Tue Oct 28 2014 Adam Williamson - 7.0.2-3 - drop unnecessary deps: php-gmp (#1152438) and Net_Curl(#999720) - re-arrange deps in spec to be the way I like 'em * Tue Sep 9 2014 Adam Williamson - 7.0.2-2 - 10927.patch: backport fix for an upgrade bug (upstream #10762) * Thu Aug 28 2014 Adam Williamson - 7.0.2-1 - update to 7.0.2 - update patch for using Composer autoloader with 3rdparty deps * Wed Aug 20 2014 Adam Williamson - 7.0.1-2 - make php directives in httpd config conditional on mod_php (FPM compat) * Wed Aug 20 2014 Adam Williamson - 7.0.1-1 - update to 7.0.1 - drop contact_type.patch (merged upstream) * Tue Jul 29 2014 Adam Williamson - 7.0.0-6 - do not ship upstream's 'updater' app (it'll only lead to tears) - don't patch and ship OC's sample config, write a stub instead * Tue Jul 29 2014 Adam Williamson - 7.0.0-5 - fix up sabre paths right this time * Tue Jul 29 2014 Adam Williamson - 7.0.0-4 - more autoloader tweaking - use composer not OC autoloader for legacy 3rdparty includes (core#9643) - specify explicit paths to Sabre deps * Sun Jul 27 2014 Adam Williamson - 7.0.0-3 - update apache config for OC 7 changes - drop unneeded isoft/mssql-bundle from 3rdparty * Sun Jul 27 2014 Adam Williamson - 7.0.0-2 - opcache_invalidate.patch: avoid triggering a crash in the PHP opcache - contact_type.patch: fix selection of current field type in contact view * Thu Jul 24 2014 Adam Williamson - 7.0.0-1 - 7.0.0 - rediff 3rdparty_includes.patch - update 3rdparty strip commands and dependencies for upstream changes - update dependencies * Mon Jun 30 2014 Gregor Tätzner - 6.0.4-1 - 6.0.4 * Sat Jun 7 2014 Fedora Release Engineering - 6.0.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu May 1 2014 Gregor Tätzner - 6.0.3-1 - 6.0.3 - update symfony routing patch * Tue Mar 4 2014 Gregor Tätzner - 6.0.2-1 - 6.0.2 * Mon Feb 24 2014 Adam Williamson - 6.0.1-3 - set a minimum ver on the DBAL req for safety (using with 2.3 is dangerous) * Mon Jan 27 2014 Adam Williamson - 6.0.1-2 - unbundle phpseclib (packaged now) * Thu Jan 23 2014 Gregor Tätzner - 6.0.1-1 - 6.0.1 * Tue Jan 14 2014 Gregor Tätzner - 6.0.0a-9 - fix routing with symfony 2.3 * Fri Jan 10 2014 Adam Williamson - 6.0.0a-8 - make a warning OC keeps triggering into a debug message * Thu Jan 9 2014 Adam Williamson - 6.0.0a-7 - re-enable irods, patch loading of it, add dependency on it * Fri Jan 3 2014 Adam Williamson - 6.0.0a-6 - disable irods a bit harder * Fri Jan 3 2014 Adam Williamson - 6.0.0a-5 - drop non-existent OC_User_IMAP from config file * Fri Jan 3 2014 Adam Williamson - 6.0.0a-4 - apps_3rdparty_includes: fix more 3rdparty loading stuff - disable_irods: disable storage app's irods (it's broken) * Mon Dec 30 2013 Adam Williamson - 6.0.0a-3 - tar-include, blowfish-include, dropbox-include: fix more paths * Mon Dec 30 2013 Adam Williamson - 6.0.0a-2 - dropbox-include.patch: fix loading of system copy of php-Dropbox * Sun Dec 22 2013 Adam Williamson - 6.0.0a-1 - 6.0.0a * Sun Dec 22 2013 Gregor Tätzner - 6.0.0-1 - 6.0.0 * Fri Dec 20 2013 Adam Williamson - 5.0.14a-2 - Correct location of php-symfony-routing: #1045301 * Fri Dec 20 2013 Adam Williamson - 5.0.14a-1 - 5.0.14a

References

[ 1 ] Bug #1204821 - owncloud: new security issues fixed upstream in 6.0.7 and 7.0.5 https://bugzilla.redhat.com/show_bug.cgi?id=1204821

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update owncloud' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : owncloud
Product : Fedora 20
Version : 7.0.5
Release : 2.fc20
URL : https://owncloud.com/
Summary : Private file sync and share server

Related News

22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved