Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202208-17 ] Nextcloud: Multiple Vulnerabilities
Date: Wed, 10 Aug 2022 22:49:05
Message-Id: 166017067572.8.5508958871941595681@a9099abfa3b1
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202208-17
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Low
8 Title: Nextcloud: Multiple Vulnerabilities
9 Date: August 10, 2022
10 Bugs: #848873, #835073, #834803, #820368, #812443, #802096, #797253
11 ID: 202208-17
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Nextcloud, the worst of
19 which could result in denial of service.
20
21 Background
22 ==========
23
24 Nextcloud is a personal cloud that runs on your own server.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 www-apps/nextcloud < 23.0.4 >= 23.0.4
33
34 Description
35 ===========
36
37 Multiple vulnerabilities have been discovered in Nextcloud. Please
38 review the CVE identifiers referenced below for details.
39
40 Impact
41 ======
42
43 Please review the referenced CVE identifiers for details.
44
45 Workaround
46 ==========
47
48 There is no known workaround at this time.
49
50 Resolution
51 ==========
52
53 All Nextcloud users should upgrade to the latest version:
54
55 # emerge --sync
56 # emerge --ask --oneshot --verbose ">=www-apps/nextcloud-23.0.4"
57
58 References
59 ==========
60
61 [ 1 ] CVE-2021-32653
62 https://nvd.nist.gov/vuln/detail/CVE-2021-32653
63 [ 2 ] CVE-2021-32654
64 https://nvd.nist.gov/vuln/detail/CVE-2021-32654
65 [ 3 ] CVE-2021-32655
66 https://nvd.nist.gov/vuln/detail/CVE-2021-32655
67 [ 4 ] CVE-2021-32656
68 https://nvd.nist.gov/vuln/detail/CVE-2021-32656
69 [ 5 ] CVE-2021-32657
70 https://nvd.nist.gov/vuln/detail/CVE-2021-32657
71 [ 6 ] CVE-2021-32678
72 https://nvd.nist.gov/vuln/detail/CVE-2021-32678
73 [ 7 ] CVE-2021-32679
74 https://nvd.nist.gov/vuln/detail/CVE-2021-32679
75 [ 8 ] CVE-2021-32680
76 https://nvd.nist.gov/vuln/detail/CVE-2021-32680
77 [ 9 ] CVE-2021-32688
78 https://nvd.nist.gov/vuln/detail/CVE-2021-32688
79 [ 10 ] CVE-2021-32703
80 https://nvd.nist.gov/vuln/detail/CVE-2021-32703
81 [ 11 ] CVE-2021-32705
82 https://nvd.nist.gov/vuln/detail/CVE-2021-32705
83 [ 12 ] CVE-2021-32725
84 https://nvd.nist.gov/vuln/detail/CVE-2021-32725
85 [ 13 ] CVE-2021-32726
86 https://nvd.nist.gov/vuln/detail/CVE-2021-32726
87 [ 14 ] CVE-2021-32734
88 https://nvd.nist.gov/vuln/detail/CVE-2021-32734
89 [ 15 ] CVE-2021-32800
90 https://nvd.nist.gov/vuln/detail/CVE-2021-32800
91 [ 16 ] CVE-2021-32801
92 https://nvd.nist.gov/vuln/detail/CVE-2021-32801
93 [ 17 ] CVE-2021-32802
94 https://nvd.nist.gov/vuln/detail/CVE-2021-32802
95 [ 18 ] CVE-2021-41177
96 https://nvd.nist.gov/vuln/detail/CVE-2021-41177
97 [ 19 ] CVE-2021-41178
98 https://nvd.nist.gov/vuln/detail/CVE-2021-41178
99 [ 20 ] CVE-2021-41239
100 https://nvd.nist.gov/vuln/detail/CVE-2021-41239
101 [ 21 ] CVE-2021-41241
102 https://nvd.nist.gov/vuln/detail/CVE-2021-41241
103 [ 22 ] CVE-2022-24741
104 https://nvd.nist.gov/vuln/detail/CVE-2022-24741
105 [ 23 ] CVE-2022-24888
106 https://nvd.nist.gov/vuln/detail/CVE-2022-24888
107 [ 24 ] CVE-2022-24889
108 https://nvd.nist.gov/vuln/detail/CVE-2022-24889
109 [ 25 ] CVE-2022-29243
110 https://nvd.nist.gov/vuln/detail/CVE-2022-29243
111
112 Availability
113 ============
114
115 This GLSA and any updates to it are available for viewing at
116 the Gentoo Security Website:
117
118 https://security.gentoo.org/glsa/202208-17
119
120 Concerns?
121 =========
122
123 Security is a primary focus of Gentoo Linux and ensuring the
124 confidentiality and security of our users' machines is of utmost
125 importance to us. Any security concerns should be addressed to
126 security@g.o or alternatively, you may file a bug at
127 https://bugs.gentoo.org.
128
129 License
130 =======
131
132 Copyright 2022 Gentoo Foundation, Inc; referenced text
133 belongs to its owner(s).
134
135 The contents of this document are licensed under the
136 Creative Commons - Attribution / Share Alike license.
137
138 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature