This update for nextcloud fixes the following issues:
nextcloud was updated to 20.0.11:
- Fix boo#1188247 - CVE-2021-32678: OCS API response ratelimits are not
applied
- Fix boo#1188248 - CVE-2021-32679: filenames were not escaped by default
in controllers using DownloadResponse
- Fix boo#1188249 - CVE-2021-32680: share expiration date wasn't properly
logged
- Fix boo#1188250 - CVE-2021-32688: lacking permission check with
application specific tokens
- Fix boo#1188251 - CVE-2021-32703: lack of ratelimiting on the shareinfo
endpoint
- Fix boo#1188252 - CVE-2021-32705: lack of ratelimiting on the public DAV
endpoint
- Fix boo#1188253 - CVE-2021-32725: default share permissions were not
being respected for federated reshares of files and folders
- Fix boo#1188254 - CVE-2021-32726: webauthn tokens were not deleted after
a user has been deleted
- Fix boo#1188255 - CVE-2021-32734: possible full path disclosure on
...
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1068=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2021-1068=1
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2021-1068=1
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2021-1068=1
- openSUSE Leap 15.2 (noarch):
nextcloud-20.0.11-lp152.3.9.1
nextcloud-apache-20.0.11-lp152.3.9.1
- openSUSE Backports SLE-15-SP3 (noarch):
nextcloud-20.0.11-bp153.2.3.1
nextcloud-apache-20.0.11-bp153.2.3.1
- openSUSE Backports SLE-15-SP2 (noarch):
nextcloud-20.0.11-bp152.2.9.1
nextcloud-apache-20.0.11-bp152.2.9.1
- openSUSE Backports SLE-15-SP1 (noarch):
nextcloud-20.0.11-bp151.3.15.1
nextcloud-apache-20.0.11-bp151.3.15.1
https://www.suse.com/security/cve/CVE-2020-8293.html
https://www.suse.com/security/cve/CVE-2020-8294.html
https://www.suse.com/security/cve/CVE-2020-8295.html
https://www.suse.com/security/cve/CVE-2021-32678.html
https://www.suse.com/security/cve/CVE-2021-32679.html
https://www.suse.com/security/cve/CVE-2021-32680.html
https://www.suse.com/security/cve/CVE-2021-32688.html
https://www.suse.com/security/cve/CVE-2021-32703.html
https://www.suse.com/security/cve/CVE-2021-32705.html
https://www.suse.com/security/cve/CVE-2021-32725.html
https://www.suse.com/security/cve/CVE-2021-32726.html
https://www.suse.com/security/cve/CVE-2021-32734.html
https://www.suse.com/security/cve/CVE-2021-32741.html
https://bugzilla.suse.com/1181445
https://bugzilla.suse.com/1181803
https://bugzilla.suse.com/1181804
https://bugzilla.suse.com/1188247
https://bugzilla.suse.com/1188248
https://bugzilla.suse.com/1188249
https://bugzilla.suse.com/1188250
https://bugzilla.suse.com/1188251
https://bugzilla.suse.com/1188252
https://bugzilla....