openSUSE-SU-2018:3999-1

Published: 06 Dec 2018
Source: suse-cvrf

Description

Security update for nextcloud

This update for nextcloud fixes security issues and bugs.

Security issues fixed:

  • CVE-2018-3780: Stored XSS in autocomplete suggestions for file comments (boo#1114817)

This update also contains all bug fixes and improvements in the 13.0.8 version, including:

  • Password expiration time changed from 12h to 7d
  • Bug fixes to the OAuth brute force protection
  • Various other bug fixes and improvements

Package list

SUSE Package Hub for SUSE Linux Enterprise 12
nextcloud-13.0.8-bp150.2.6.1
SUSE Package Hub for SUSE Linux Enterprise 15
nextcloud-13.0.8-bp150.2.6.1

Description

A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.


Affected products
SUSE Package Hub for SUSE Linux Enterprise 12:nextcloud-13.0.8-bp150.2.6.1
SUSE Package Hub for SUSE Linux Enterprise 15:nextcloud-13.0.8-bp150.2.6.1
