Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 618
Alerts This Week
Warning Icon 1 618

openSUSE: 2023:0083-1 Important Nextcloud Security Fixes

opensuse
Calendar Grey April 3, 2023
Dist Opensuse Esm H88
Enhance your Nextcloud installation on openSUSE by applying essential security patches that tackle urgent vulnerabilities.
An update that fixes three vulnerabilities is now available

Description

This update for nextcloud fixes the following issues:

- Update to 23.0.12 See: https://nextcloud.com/changelog/#latest23

- This also fix security issues:

- CVE-2022-35931: Password Policy app could generate passwords that

would be block (boo#1203190)

- CVE-2022-39346: Missing length validation of user displayname allows

to generate an SQL error (boo#1205802)

- CVE-2023-25579: Potential directory traversal in

OC\Files\Node\Folder::getFullPath (boo#1208591)

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

zypper in -t patch openSUSE-2023-83=1

Package List

- openSUSE Backports SLE-15-SP4 (noarch):

nextcloud-23.0.12-bp154.2.3.1

nextcloud-apache-23.0.12-bp154.2.3.1

References

https://www.suse.com/security/cve/CVE-2022-35931.html

https://www.suse.com/security/cve/CVE-2022-39346.html

https://www.suse.com/security/cve/CVE-2023-25579.html

https://bugzilla.suse.com/1203190

https://bugzilla.suse.com/1205802

https://bugzilla.suse.com/1208591

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2023:0083-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP4 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.