openSUSE: 2023:0083-1 important: nextcloud
Description
This update for nextcloud fixes the following issues: - Update to 23.0.12 See: https://nextcloud.com/changelog/#latest23 - This also fix security issues: - CVE-2022-35931: Password Policy app could generate passwords that would be block (boo#1203190) - CVE-2022-39346: Missing length validation of user displayname allows to generate an SQL error (boo#1205802) - CVE-2023-25579: Potential directory traversal in OC\Files\Node\Folder::getFullPath (boo#1208591)
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2023-83=1
Package List
- openSUSE Backports SLE-15-SP4 (noarch): nextcloud-23.0.12-bp154.2.3.1 nextcloud-apache-23.0.12-bp154.2.3.1
References
https://www.suse.com/security/cve/CVE-2022-35931.html https://www.suse.com/security/cve/CVE-2022-39346.html https://www.suse.com/security/cve/CVE-2023-25579.html https://bugzilla.suse.com/1203190 https://bugzilla.suse.com/1205802 https://bugzilla.suse.com/1208591