Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisoryFedoraRCEFedora 36: FEDORA-2023-e8a55515bc Critical Update for Nextcloud-Client
Security fix for CVE-2021-44537. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-d6faaa50eb 2022-08-14 03:00:28.871114 --------------------------------------------------------------------------------Name : owncloud-client Product : Fedora 35 Version : 2.10.1 Release : 1.fc35 URL : https://owncloud.com/desktop-app Summary : The ownCloud Client Description : Owncloud-client enables you to connect to your private ownCloud Server. With it you can create folders in your home directory, and keep the contents of those folders synced with your ownCloud server. Simply copy a file into the directory and the ownCloud Client does the rest. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2021-44537 --------------------------------------------------------------------------------ChangeLog: * Thu Aug 4 2022 Ali Erdinc Koroglu - 2.10.1-1 - Update to 2.10.1 (RHBZ #2106447) * Fri Jul 22 2022 Fedora Release Engineering - 2.9.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Thu Jan 20 2022 Fedora Release Engineering - 2.9.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #2106447 - CVE-2021-44537 owncloud-client: Resource Injection via a url could result in RCE [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2106447 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-d6faaa50eb' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by theFedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Aug 13, 2022
•Critical
Fedora
89
security advisorymoderatefedoraCentOS 9: 2023-05-22 High: Nextcloud-Client Code Vulnerability
Security fix for CVE-2021-44537. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-8d623b4c3f 2022-08-13 01:25:37.823730 --------------------------------------------------------------------------------Name : owncloud-client Product : Fedora 36 Version : 2.10.1 Release : 1.fc36 URL : https://owncloud.com/desktop-app Summary : The ownCloud Client Description : Owncloud-client enables you to connect to your private ownCloud Server. With it you can create folders in your home directory, and keep the contents of those folders synced with your ownCloud server. Simply copy a file into the directory and the ownCloud Client does the rest. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2021-44537 --------------------------------------------------------------------------------ChangeLog: * Thu Aug 4 2022 Ali Erdinc Koroglu - 2.10.1-1 - Update to 2.10.1 (RHBZ #2106447) * Fri Jul 22 2022 Fedora Release Engineering - 2.9.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Thu Jan 20 2022 Fedora Release Engineering - 2.9.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #2106447 - CVE-2021-44537 owncloud-client: Resource Injection via a url could result in RCE [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2106447 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-8d623b4c3f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by theFedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Aug 12, 2022
Fedora
202
security advisorysoftware patchimportant updateopenSUSE 15.2: 2021:0577-1 Important: Nextcloud Desktop Resource Injection
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for nextcloud-desktop ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0577-1 Rating: important References: #1184770 Cross-References: CVE-2021-22879 CVSS scores: CVE-2021-22879 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nextcloud-desktop fixes the following issues: nextcloud-desktop was updated to 3.1.3: - desktop#2884 [stable-3.1] Add support for Hirsute - desktop#2920 [stable-3.1] Validate sensitive URLs to onle allow http(s) schemes. - desktop#2926 [stable-3.1] Validate the providers ssl certificate - desktop#2939 Bump release to 3.1.3 This also fix security issues: - (boo#1184770, CVE-2021-22879, NC-SA-2021-008 , CWE-99) Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-577=1 Package List: - openSUSE Leap 15.2 (x86_64): libnextcloudsync-devel-3.1.3-lp152.2.6.1 libnextcloudsync0-3.1.3-lp152.2.6.1 libnextcloudsync0-debuginfo-3.1.3-lp152.2.6.1 nextcloud-desktop-3.1.3-lp152.2.6.1 nextcloud-desktop-debuginfo-3.1.3-lp152.2.6.1 nextcloud-desktop-debugsource-3.1.3-lp152.2.6.1 nextcloud-desktop-dolphin-3.1.3-lp152.2.6.1 nextcloud-desktop-dolphin-debuginfo-3.1.3-lp152.2.6.1 - openSUSE Leap 15.2 (noarch): caja-extension-nextcloud-3.1.3-lp152.2.6.1 nautilus-extension-nextcloud-3.1.3-lp152.2.6.1 nemo-extension-nextcloud-3.1.3-lp152.2.6.1 nextcloud-desktop-doc-3.1.3-lp152.2.6.1 nextcloud-desktop-lang-3.1.3-lp152.2.6.1 References: https://www.suse.com/security/cve/CVE-2021-22879.html https://bugzilla.suse.com/1184770 . A crucial patch for the openSUSE nextcloud-client has been made available, resolving an issue related to resource injection vulnerabilities.. openSUSE Security Update,nextcloud-desktop patch,resource injection fix. . Severity: Important. LinuxSecurity.com Team
Apr 19, 2021
•Important
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!