openSUSE: 2022:0089-1 Moderate: Nextcloud User Issues Detected

opensuse

March 23, 2022

An update that fixes three vulnerabilities is now available

Description

This update for nextcloud fixes the following issues:

nextcloud was updated to 21.0.9:

- CVE-2021-41239 (CWE-200): user enumeration setting not obeyed in User

Status API (boo#1196905)

- CVE-2021-41241 (CWE-863): groupfolders advanced permissions is not

obeyed for subfolders (boo#1196908)

- CVE-2021-41741 (CWE-400): High memory usage for generating preview of

broken image (boo#1196952)

- For more changes see https://nextcloud.com/changelog/#21-0-9

Topics Covered

security advisory openSUSE user enumeration Nextcloud permissions issues high memory usage

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2022-89=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

nextcloud-21.0.9-37.1

nextcloud-apache-21.0.9-37.1

References

https://www.suse.com/security/cve/CVE-2021-41239.html

https://www.suse.com/security/cve/CVE-2021-41241.html

https://www.suse.com/security/cve/CVE-2021-41741.html

https://bugzilla.suse.com/1196905

https://bugzilla.suse.com/1196908

https://bugzilla.suse.com/1196952

Announcement ID: openSUSE-SU-2022:0089-1

Rating: moderate

Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Package Hub for SUSE Linux Enterprise 12 .

Topics Covered

security advisory openSUSE user enumeration Nextcloud permissions issues high memory usage

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE: 2022:0089-1 Moderate: Nextcloud User Issues Detected

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE: 2022:0089-1 Moderate: Nextcloud User Issues Detected

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!