openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1253-1)

The remote host is missing an update for the 'nextcloud' package(s) announced via the openSUSE-SU-2021:1253-1 advisory.

This update for nextcloud fixes the following issues: Update to 20.0.12 Fix boo#1190291 - CVE-2021-32766 (CWE-209): Generation of Error Message Containing Sensitive Information - CVE-2021-32800 (CWE-306): Missing Authentication for Critical Function - CVE-2021-32801 (CWE-532): Insertion of Sensitive Information into Log File - CVE-2021-32802 (CWE-829): Inclusion of Functionality from Untrusted Control Sphere Changes: - Bump vue-router from 3.4.3 to 3.4.9 (server#27224) - Bump v-click-outside from 3.1.1 to 3.1.2 (server#27232) - Bump url-search-params-polyfill from 8.1.0 to 8.1.1 (server#27236) - Bump debounce from 1.2.0 to 1.2.1 (server#27646) - Bump vue and vue-template-compiler (server#27701) - Design fixes to app-settings button (server#27745) - Reset checksum when writing files to object store (server#27754) - Run s3 tests again (server#27804) - Fix in locking cache check (server#27829) - Bump dompurify from 2.2.8 to 2.2.9 (server#27836) - Make search popup usable on mobile, too (server#27858) - Cache images on browser (server#27863) - Fix dark theme on public link shares (server#27895) - Make user status usable on mobile (server#27897) - Do not escape display name in dashboard welcome text (server#27913) - Bump moment-timezone from 0.5.31 to 0.5.33 (server#27924) - Fix newfileMenu on public page (server#27941) - Fix svg icons disappearing in app navigation when text overflows (server#27955) - Bump bootstrap from 4.5.2 to 4.5.3 (server#27965) - Show registered breadcrumb detail views in breadcrumb menu (server#27970) - Fix regression in file sidebar (server#27976) - Bump exports-loader from 1.1.0 to 1.1.1 (server#27984) - Bump @nextcloud/capabilities from 1.0.2 to 1.0.4 (server#27985) - Bump @nextcloud/vue-dashboard from 1.0.0 to 1.0.1 (server#27988) - Improve notcreatable permissions hint (server#28006) - Update CRL due to revoked twofactor_nextcloud_notification.crt (server#28018) - Bump sass-loader from 10.0.2 to 10.0.5 (server#28032) - Increase footer height for longer menus (server#28045) - Mask password for Redis and RedisCluster on connection failure (server#28054) - Fix missing theming for login button (server#28065) - Fix overlapping of elements in certain views (server#28072) - Disable HEIC image preview provider for performance concerns (server#28081) - Improve provider check (server#28087) - Sanitize more functio ... Description truncated. Please see the references for more information.

'nextcloud' package(s) on openSUSE Leap 15.2.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).