Security update for nextcloud SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1040-1 Final 1 1 2018-04-20T16:40:59Z current 2018-04-20T16:40:59Z 2018-04-20T16:40:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for nextcloud This update for nextcloud fixes the following issues: Security issue fixed: - CVE-2017-0936: Nextcloud Server before 11.0.7 suffers from an Authorization Bypass Through User-Controlled Key vulnerability (boo#1087402). Bug fixes: - See online release notes for all relevant changes. https://nextcloud.com/changelog/ The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-04/msg00052.html E-Mail link for openSUSE-SU-2018:1040-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 nextcloud-13.0.1-6.1 nextcloud-13.0.1-6.1 as a component of openSUSE Leap 42.3 Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user. CVE-2017-0936 openSUSE Leap 42.3:nextcloud-13.0.1-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00052.html https://www.suse.com/security/cve/CVE-2017-0936.html CVE-2017-0936 https://bugzilla.suse.com/1087402 SUSE Bug 1087402