openSUSE: 2020:0229-1: moderate: nextcloud

    Date17 Feb 2020
    Posted ByLinuxSecurity Advisories
    An update that fixes 6 vulnerabilities is now available.
       openSUSE Security Update: Security update for nextcloud
    Announcement ID:    openSUSE-SU-2020:0229-1
    Rating:             moderate
    References:         #1162766 #1162775 #1162776 #1162781 #1162782 
    Cross-References:   CVE-2019-15613 CVE-2019-15621 CVE-2019-15623
                        CVE-2019-15624 CVE-2020-8118 CVE-2020-8119
    Affected Products:
                        openSUSE Backports SLE-15-SP1
       An update that fixes 6 vulnerabilities is now available.
       This update for nextcloud fixes the following issues:
       Nextcloud was updated to 15.0.14:
       - NC-SA-2020-002, CVE-2019-15613: workflow rules to depend their behaviour
         on the file extension when checking file mimetypes  (boo#1162766)
       - NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caused
         the server to send it's domain and user IDs to the Nextcloud Lookup
         Server without any further data when the Lookup server is disabled
       - NC-SA-2019-015, CVE-2019-15624: Improper Input Validation allowed group
         admins to create users with IDs of system folders (boo#1162776)
       - NC-SA-2019-012, CVE-2020-8119: Improper authorization caused leaking of
         previews and files when a file-drop share link is opened via the gallery
         app (boo#1162781)
       - NC-SA-2019-014, CVE-2020-8118: An authenticated server-side request
         forgery allowed to detect local and remote services when adding a new
         subscription in the calendar application (boo#1162782)
       - NC-SA-2020-012, CVE-2019-15621: Improper permissions preservation causes
         sharees to be able to reshare with write permissions when sharing the
         mount point of a share they received, as a public link (boo#1162784)
       - To many changes. For detail see:
       nextcloud was updated to 13.0.12:
       - Fix NC-SA-2020-001
       - To many changes. For detail see:
       This update was imported from the openSUSE:Leap:15.1:Update update project.
    Patch Instructions:
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
       Alternatively you can run the command listed for your product:
       - openSUSE Backports SLE-15-SP1:
          zypper in -t patch openSUSE-2020-229=1
    Package List:
       - openSUSE Backports SLE-15-SP1 (noarch):

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"90","title":"Love them!","votes":"48","type":"x","order":"1","pct":88.89,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"4","type":"x","order":"2","pct":7.41,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"2","type":"x","order":"3","pct":3.7,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.