
openSUSE 12: 2021:1602-1 Important: Nextcloud Access Control Issues

opensuse
December 20, 2021
Nextcloud undergoes a significant security enhancement in Fedora, addressing three critical vulnerabilities for improved safety.
An update that fixes three vulnerabilities is now available

Description

This update for nextcloud fixes the following issues:

Update to 20.0.14

Security issues fixed:

* CVE-2021-41179: Fix boo#1192028 - (CWE-304): Two-Factor Authentication not enforced for pages marked as public

* CVE-2021-41178: Fix boo#1192030 - (CWE-434): File Traversal affecting SVG files on Nextcloud Server

* CVE-2021-41177: Fix boo#1192031 - (CWE-799): Rate-limits not working on instances without configured memory cache backend

Changes:

- Add command to repair broken filesystem trees (server#26630)

- Ensure that user and group IDs in LDAP's tables are also max 64chars (server#28971)

- Change output format of Psalm to Github (server#29048)

- File-upload: Correctly handle error responses for HTTP2 (server#29069)

- Allow "TwoFactor Nextcloud Notifications" to pull the state of the 2F??? (server#29072)

- Add a few sensitive config keys (server#29085)

- Fix path of file_get_contents (server#29095)

- Update the...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2021-1602=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

nextcloud-20.0.14-34.1

nextcloud-apache-20.0.14-34.1

References

https://www.suse.com/security/cve/CVE-2021-41177.html

https://www.suse.com/security/cve/CVE-2021-41178.html

https://www.suse.com/security/cve/CVE-2021-41179.html

https://bugzilla.suse.com/1192028

https://bugzilla.suse.com/1192030

https://bugzilla.suse.com/1192031

Severity
important

Announcement ID: openSUSE-SU-2021:1602-1
Rating: important
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12.
