openSUSE: 2020:0220-1: moderate: nextcloud

    Date: 15 Feb 2020
    Posted By: LinuxSecurity Advisories
    An update that fixes 6 vulnerabilities is now available.
       openSUSE Security Update: Security update for nextcloud
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2020:0220-1
    Rating:             moderate
    References:         #1162766 #1162775 #1162776 #1162781 #1162782 
                        #1162784 
    Cross-References:   CVE-2019-15613 CVE-2019-15621 CVE-2019-15623
                        CVE-2019-15624 CVE-2020-8118 CVE-2020-8119
                       
    Affected Products:
                        SUSE Package Hub for SUSE Linux Enterprise 12
    ______________________________________________________________________________
    
    Description:
    
       This update for nextcloud fixes the following issues:
    
       Nextcloud was updated to 15.0.14:
    
       - NC-SA-2020-002, CVE-2019-15613: workflow rules made their behaviour
         depend on the file extension when checking file mimetypes (boo#1162766)
       - NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caused
         the server to send its domain and user IDs to the Nextcloud Lookup
         Server without any further data when the Lookup server is disabled
         (boo#1162775)
       - NC-SA-2019-015, CVE-2019-15624: Improper Input Validation allowed group
         admins to create users with IDs of system folders (boo#1162776)
       - NC-SA-2019-012, CVE-2020-8119: Improper authorization caused leaking of
         previews and files when a file-drop share link is opened via the gallery
         app (boo#1162781)
       - NC-SA-2019-014, CVE-2020-8118: An authenticated server-side request
         forgery allowed detection of local and remote services when adding a
         new subscription in the calendar application (boo#1162782)
       - NC-SA-2020-012, CVE-2019-15621: Improper permissions preservation causes
         sharees to be able to reshare with write permissions when sharing the
         mount point of a share they received, as a public link (boo#1162784)
       - Too many changes. For details see: https://nextcloud.com/changelog/
    
       nextcloud was updated to 13.0.12:
    
       - Fix NC-SA-2020-001
       - Too many changes. For details see: https://nextcloud.com/changelog/
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Package Hub for SUSE Linux Enterprise 12:
    
          zypper in -t patch openSUSE-2020-220=1
    
    
    
    Package List:
    
       - SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):
    
          nextcloud-13.0.12-19.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-15613.html
       https://www.suse.com/security/cve/CVE-2019-15621.html
       https://www.suse.com/security/cve/CVE-2019-15623.html
       https://www.suse.com/security/cve/CVE-2019-15624.html
       https://www.suse.com/security/cve/CVE-2020-8118.html
       https://www.suse.com/security/cve/CVE-2020-8119.html
       https://bugzilla.suse.com/1162766
       https://bugzilla.suse.com/1162775
       https://bugzilla.suse.com/1162776
       https://bugzilla.suse.com/1162781
       https://bugzilla.suse.com/1162782
       https://bugzilla.suse.com/1162784
    