Description
Security update for nextcloud
This update for nextcloud fixes the following issues:
Security issue fixed:
- CVE-2017-0936: Nextcloud Server before 11.0.7 suffers from an Authorization Bypass Through User-Controlled Key vulnerability (boo#1087402).
Bug fixes:
- See online release notes for all relevant changes. https://nextcloud.com/changelog/
Package list
openSUSE Leap 42.3
nextcloud-13.0.1-6.1
References
- E-Mail link for openSUSE-SU-2018:1040-1
- SUSE Security Ratings
Description
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves were neither disclosed, nor could the error be misused to identify as another user.
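The bug class described above, shown as an added example: a simplified Python model of a scope-update handler without and with the ownership check. This is not Nextcloud's code; `TokenStore`, `AppPassword`, the method names, the `filesystem` scope key and the users are hypothetical, constructed for illustration.

```python
from dataclasses import dataclass, field


class NotFound(Exception):
    """Token is missing or not owned by the caller."""


@dataclass
class AppPassword:
    token_id: int
    owner: str
    scope: dict = field(default_factory=lambda: {"filesystem": True})


class TokenStore:
    """Constructed in-memory stand-in for an app-password table."""

    def __init__(self, tokens):
        self.by_id = {t.token_id: t for t in tokens}

    def update_scope_vulnerable(self, session_user, token_id, scope):
        # Flawed pattern: the client-supplied token_id is the only lookup key,
        # so session_user is never compared with the token's owner.
        token = self.by_id[token_id]
        token.scope = dict(scope)
        return token

    def update_scope_checked(self, session_user, token_id, scope):
        # Hardened pattern: the token must exist and belong to the session user.
        token = self.by_id.get(token_id)
        if token is None or token.owner != session_user:
            # Same error for "missing" and "not yours", so ids cannot be probed.
            raise NotFound(token_id)
        token.scope = dict(scope)
        return token


def sample_store():
    # Constructed sample data: one app password per user.
    return TokenStore([AppPassword(1, "alice"), AppPassword(2, "bob")])


def cross_user_update(method_name):
    """Return True if a request made as bob changed alice's token scope."""
    store = sample_store()
    try:
        getattr(store, method_name)("bob", 1, {"filesystem": False})
    except NotFound:
        pass
    return store.by_id[1].scope == {"filesystem": False}
```

As in the advisory, the flawed handler only alters the scope of another user's token; it returns no secret and grants no session as that user.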
Affected products
openSUSE Leap 42.3:nextcloud-13.0.1-6.1
References
- CVE-2017-0936
- SUSE Bug 1087402