Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 34 NextCloud 20.0.11: Critical Security Flaws Addressed

fedora
Calendar Grey July 21, 2021
Dist Fedora Esm H88
The update for NextCloud version 20.0.11 in Fedora 34 resolves both critical and minor vulnerabilities, enhancing the safety of file sharing functionalities.
Update to 20.0.11; Fixes one high severity and multiple low severity CVEs

Summary

NextCloud gives you universal access to your files through a web interface or

WebDAV. It also provides a platform to easily view & sync your contacts,

calendars and bookmarks across all your devices and enables basic editing right

on the web. NextCloud is extendable via a simple but powerful API for

applications and plugins.

Update to 20.0.11; Fixes one high severity and multiple low severity CVEs

* Mon Jul 12 2021 Christopher Engelhard 20.0.11-1

- Update to 20.0.11; Fixes RHBZ#1981503; Fixes RHBZ#1981505

[ 1 ] Bug #1981503 - CVE-2021-32688 nextcloud: Improper permission check permits tokens to change their own permissions [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1981503

[ 2 ] Bug #1981505 - CVE-2021-32680 nextcloud: Improper audit logging for expiration date events [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1981505

[ 3 ] Bug #1981817 - CVE-2021-32678 nextcloud: ratelimit not applied on OCS API responses [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1981817

[ 4 ] Bug #1981819 - CVE-2021-32679 nextcloud: filenames not escaped by default in controllers using DownloadResponse [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1981819

[ 5 ] Bug #1981821 - CVE-2021-32703 nextcloud: lack of ratelimit on shareinfo endpoint [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1981821

[ 6 ] Bug #1981824 - CVE-2021-32705 nextcloud: lack of ratelimit on public DAV endpoint [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1981824

su -c 'dnf upgrade --advisory FEDORA-2021-9b421b78af' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory critical Fedora file sync audit logging permission issue rate limiting

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 34
Version: 20.0.11
Release: 1.fc34
URL: http://nextcloud.com
Summary: Private file sync and share server

Topics%20covered

Topics Covered

security advisory critical Fedora file sync audit logging permission issue rate limiting

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here