Описание
Security update for nextcloud-desktop
This update for nextcloud-desktop fixes the following issues:
nextcloud-desktop was updated to 3.1.3:
- desktop#2884 [stable-3.1] Add support for Hirsute
- desktop#2920 [stable-3.1] Validate sensitive URLs to onle allow http(s) schemes.
- desktop#2926 [stable-3.1] Validate the providers ssl certificate
- desktop#2939 Bump release to 3.1.3
This also fix security issues:
-
(boo#1184770, CVE-2021-22879, NC-SA-2021-008 , CWE-99)
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
Список пакетов
openSUSE Leap 15.2
caja-extension-nextcloud-3.1.3-lp152.2.6.1
libnextcloudsync-devel-3.1.3-lp152.2.6.1
libnextcloudsync0-3.1.3-lp152.2.6.1
nautilus-extension-nextcloud-3.1.3-lp152.2.6.1
nemo-extension-nextcloud-3.1.3-lp152.2.6.1
nextcloud-desktop-3.1.3-lp152.2.6.1
nextcloud-desktop-doc-3.1.3-lp152.2.6.1
nextcloud-desktop-dolphin-3.1.3-lp152.2.6.1
nextcloud-desktop-lang-3.1.3-lp152.2.6.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0577-1
- SUSE Security Ratings
- SUSE Bug 1184770
- SUSE CVE CVE-2021-22879 page
Описание
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
Затронутые продукты
openSUSE Leap 15.2:caja-extension-nextcloud-3.1.3-lp152.2.6.1
openSUSE Leap 15.2:libnextcloudsync-devel-3.1.3-lp152.2.6.1
openSUSE Leap 15.2:libnextcloudsync0-3.1.3-lp152.2.6.1
openSUSE Leap 15.2:nautilus-extension-nextcloud-3.1.3-lp152.2.6.1
Ссылки
- CVE-2021-22879
- SUSE Bug 1184770