Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

openSUSE: 2022:0089-1 Moderate: Nextcloud User Issues Detected

opensuse
Calendar Grey March 23, 2022
Scroller Opensuse
New release addresses several vulnerabilities in Nextcloud, improving security measures and elevating overall platform efficiency.
An update that fixes three vulnerabilities is now available

Description

This update for nextcloud fixes the following issues:

nextcloud was updated to 21.0.9:

- CVE-2021-41239 (CWE-200): user enumeration setting not obeyed in User

Status API (boo#1196905)

- CVE-2021-41241 (CWE-863): groupfolders advanced permissions is not

obeyed for subfolders (boo#1196908)

- CVE-2021-41741 (CWE-400): High memory usage for generating preview of

broken image (boo#1196952)

- For more changes see https://nextcloud.com/changelog/#21-0-9

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2022-89=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

nextcloud-21.0.9-37.1

nextcloud-apache-21.0.9-37.1

References

https://www.suse.com/security/cve/CVE-2021-41239.html

https://www.suse.com/security/cve/CVE-2021-41241.html

https://www.suse.com/security/cve/CVE-2021-41741.html

https://bugzilla.suse.com/1196905

https://bugzilla.suse.com/1196908

https://bugzilla.suse.com/1196952

Announcement ID: openSUSE-SU-2022:0089-1
Rating: moderate
Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Package Hub for SUSE Linux Enterprise 12 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.