openSUSE-SU-2017:2641-1

Опубликовано: 03 окт. 2017

Источник: suse-cvrf

Описание

Security update for nextcloud

This update for nextcloud fixes the following issues:

CVE-2017-9286: During upgrade of the nextcloud package local attackers could gain root access via a /tmp file race. (boo#1036756)

Список пакетов

openSUSE Leap 42.3

nextcloud-11.0.3-3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html
E-Mail link for openSUSE-SU-2017:2641-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.

Затронутые продукты

openSUSE Leap 42.3:nextcloud-11.0.3-3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-9286.html
CVE-2017-9286
https://bugzilla.suse.com/1036756
SUSE Bug 1036756

openSUSE-SU-2017:2641-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-9286

Описание

Затронутые продукты

Ссылки