--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2021-9b421b78af
2021-07-22 01:13:10.976131
--------------------------------------------------------------------------------Name        : nextcloud
Product     : Fedora 34
Version     : 20.0.11
Release     : 1.fc34
URL         : http://nextcloud.com
Summary     : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------Update Information:

Update to 20.0.11; Fixes one high severity and multiple low severity CVEs
--------------------------------------------------------------------------------ChangeLog:

* Mon Jul 12 2021 Christopher Engelhard  20.0.11-1
- Update to 20.0.11; Fixes RHBZ#1981503; Fixes RHBZ#1981505
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1981503 - CVE-2021-32688 nextcloud: Improper permission check permits tokens to change their own permissions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1981503
  [ 2 ] Bug #1981505 - CVE-2021-32680 nextcloud: Improper audit logging for expiration date events [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1981505
  [ 3 ] Bug #1981817 - CVE-2021-32678 nextcloud: ratelimit not applied on OCS API responses [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1981817
  [ 4 ] Bug #1981819 - CVE-2021-32679 nextcloud: filenames not escaped by default in controllers using DownloadResponse [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1981819
  [ 5 ] Bug #1981821 - CVE-2021-32703 nextcloud: lack of ratelimit on shareinfo endpoint [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1981821
  [ 6 ] Bug #1981824 - CVE-2021-32705 nextcloud: lack of ratelimit on public DAV endpoint [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1981824
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-9b421b78af' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 34: nextcloud 2021-9b421b78af

July 21, 2021
Update to 20.0.11; Fixes one high severity and multiple low severity CVEs

Summary

NextCloud gives you universal access to your files through a web interface or

WebDAV. It also provides a platform to easily view & sync your contacts,

calendars and bookmarks across all your devices and enables basic editing right

on the web. NextCloud is extendable via a simple but powerful API for

applications and plugins.

Update to 20.0.11; Fixes one high severity and multiple low severity CVEs

* Mon Jul 12 2021 Christopher Engelhard 20.0.11-1

- Update to 20.0.11; Fixes RHBZ#1981503; Fixes RHBZ#1981505

[ 1 ] Bug #1981503 - CVE-2021-32688 nextcloud: Improper permission check permits tokens to change their own permissions [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1981503

[ 2 ] Bug #1981505 - CVE-2021-32680 nextcloud: Improper audit logging for expiration date events [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1981505

[ 3 ] Bug #1981817 - CVE-2021-32678 nextcloud: ratelimit not applied on OCS API responses [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1981817

[ 4 ] Bug #1981819 - CVE-2021-32679 nextcloud: filenames not escaped by default in controllers using DownloadResponse [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1981819

[ 5 ] Bug #1981821 - CVE-2021-32703 nextcloud: lack of ratelimit on shareinfo endpoint [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1981821

[ 6 ] Bug #1981824 - CVE-2021-32705 nextcloud: lack of ratelimit on public DAV endpoint [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1981824

su -c 'dnf upgrade --advisory FEDORA-2021-9b421b78af' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

FEDORA-2021-9b421b78af 2021-07-22 01:13:10.976131 Product : Fedora 34 Version : 20.0.11 Release : 1.fc34 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. Update to 20.0.11; Fixes one high severity and multiple low severity CVEs * Mon Jul 12 2021 Christopher Engelhard 20.0.11-1 - Update to 20.0.11; Fixes RHBZ#1981503; Fixes RHBZ#1981505 [ 1 ] Bug #1981503 - CVE-2021-32688 nextcloud: Improper permission check permits tokens to change their own permissions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1981503 [ 2 ] Bug #1981505 - CVE-2021-32680 nextcloud: Improper audit logging for expiration date events [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1981505 [ 3 ] Bug #1981817 - CVE-2021-32678 nextcloud: ratelimit not applied on OCS API responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1981817 [ 4 ] Bug #1981819 - CVE-2021-32679 nextcloud: filenames not escaped by default in controllers using DownloadResponse [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1981819 [ 5 ] Bug #1981821 - CVE-2021-32703 nextcloud: lack of ratelimit on shareinfo endpoint [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1981821 [ 6 ] Bug #1981824 - CVE-2021-32705 nextcloud: lack of ratelimit on public DAV endpoint [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1981824 su -c 'dnf upgrade --advisory FEDORA-2021-9b421b78af' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Change Log

References

Update Instructions

Severity
Product : Fedora 34
Version : 20.0.11
Release : 1.fc34
URL : http://nextcloud.com
Summary : Private file sync and share server

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved