
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1068-1)

Information

Severity: High
Family: SuSE Local Security Checks
CVSSv2 Base: 7.5
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Solution Type: Vendor Patch
Created: 2 years ago
Modified: 2 years ago

Summary

The remote host is missing an update for the 'nextcloud' package(s) announced via the openSUSE-SU-2021:1068-1 advisory.

Insight

This update for nextcloud fixes the following issues:

nextcloud was updated to 20.0.11:
- Fix boo#1188247 - CVE-2021-32678: OCS API response ratelimits are not applied
- Fix boo#1188248 - CVE-2021-32679: filenames were not escaped by default in controllers using DownloadResponse
- Fix boo#1188249 - CVE-2021-32680: share expiration date wasn't properly logged
- Fix boo#1188250 - CVE-2021-32688: lacking permission check with application specific tokens
- Fix boo#1188251 - CVE-2021-32703: lack of ratelimiting on the shareinfo endpoint
- Fix boo#1188252 - CVE-2021-32705: lack of ratelimiting on the public DAV endpoint
- Fix boo#1188253 - CVE-2021-32725: default share permissions were not being respected for federated reshares of files and folders
- Fix boo#1188254 - CVE-2021-32726: webauthn tokens were not deleted after a user has been deleted
- Fix boo#1188255 - CVE-2021-32734: possible full path disclosure on shared files
- Fix boo#1188256 - CVE-2021-32741: lack of ratelimiting on the public share link mount endpoint
- Bump handlebars from 4.7.6 to 4.7.7 (server#26900)
- Bump lodash from 4.17.20 to 4.17.21 (server#26909)
- Bump hosted-git-info from 2.8.8 to 2.8.9 (server#26920)
- Don't break OCC if an app is breaking in its Application class (server#26954)
- Add bruteforce protection to the shareinfo endpoint (server#26956)
- Ignore readonly flag for directories (server#26965)
- Throttle MountPublicLinkController when share is not found (server#26971)
- Respect default share permissions for federated reshares (server#27001)
- Harden apptoken check (server#27014)
- Use parent wrapper to properly handle moves on the same source/target storage (server#27016)
- Fix error when using CORS with no auth credentials (server#27027)
- Fix return value of getStorageInfo when 'quota_include_external_storage' is enabled (server#27108)
- Bump patch dependencies (server#27183)
- Use noreply@ as email address for share emails (server#27209)
- Bump p-queue from 6.6.1 to 6.6.2 (server#27226)
- Bump browserslist from 4.14.0 to 4.16.6 (server#27247)
- Bump webpack from 4.44.1 to 4.44.2 (server#27297)
- Properly use limit and offset for search in Jail wrapper (server#27308)
- Make user:report command scale (server#27319)
- Properly log expiration date removal in audit log (server#27325)
- Propagate throttling on OCS response (serv ... Description truncated. Please see the references for more information.

Affected Software

'nextcloud' package(s) on openSUSE Leap 15.2.

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

Please install the updated package(s).