[Pkg-owncloud-maintainers] Bug#686567: Bug#686567: owncloud: Missing security fixes in Wheezy

Thomas Müller thomas.mueller at tmit.eu
Mon Sep 3 11:32:36 UTC 2012


Hi,

I plan to prepare an upload until the end of this week.

THX for the notification,

Tom


On Monday, 03.09.2012 at 12:25, Moritz Muehlenhoff wrote:
> Package: owncloud
> Version: 4.0.4debian-1
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> The following security issues are still open in Wheezy (although they're fixed in sid):
> Since Wheezy is frozen, this either needs to be fixed with an upload to 
> testing-proposed-updates containing only the security fixes or by getting 4.0.7
> into Wheezy (given how the freeze has been so far, the former is most likely
> preferred by release managers)
> 
> Cheers,
>         Moritz
> 
> 
> Please see http://seclists.org/oss-sec/2012/q3/363 :
> 
> Version 4.0.7 Aug 14th 2012
> 
> Vulnerability of type .htaccess upload in file /lib/migrate.php.
> A user could import a crafted import.zip to upload a .htaccess to the
> data folder which could lead to a code execution.
> https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a
> 
> Please use CVE-2012-4389 for this issue.
> 
> ====
> Vulnerability of type "user enumeration" in file remote.php.
> It has been discovered that an authenticated user could get a list of
> all registered users.
> https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707
> 
> Please use CVE-2012-4390 for this issue.
> 
> ====
> Vulnerability of type "CSRF" in file appconfig.php
> The appconfig.php wasn't checking the CSRF token. This could allow
> an attacker to edit the app configurations.
> https://github.com/owncloud/core/commit/5192eecce239a0b7ade1e60a6cf03075e5cfc188
> 
> Please use CVE-2012-4391 for this issue.
> 
> ====
> Vulnerability of type "auth bypass" in file index.php
> Due to improper checking of the cookie, an unauthenticated attacker could
> log in as a user if the user never used the "remember password"
> function.
> https://github.com/owncloud/core/commit/baab13ae134ff109c043371a7813df9b9bd4967b
> 
> Please use CVE-2012-4392 for this issue.
> 
> -------------
> Version 4.0.6 Aug 1st 2012
> 
> Security: Check for Admin user in
> appconfig.php (CSRF)
> Registered user could change app configs without admin rights.
> https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f
> Security: Several CSRF security fixes
> The admin settings and the bookmark app weren't checking the CSRF token.
> https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f
> and
> https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745
> 
> CVS merged into a single CVE
> 
> Please use CVE-2012-4393 for these issues.
> 
> -------------
> 
> Version 4.0.5 July 20th
> Reflected XSS (XSS)
> The filelist wasn't sanitizing HTML values in image files.
> https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8
> 
> Please use CVE-2012-4394 for this issue.
> 
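The .htaccess upload described for CVE-2012-4389 comes from extracting archive entries into the data folder without checking their names. The following is an added example of a pre-extraction check, not code from ownCloud or from the linked commit; the path `/tmp/import.zip` and the function names are assumptions.

```php
<?php
// Added example (not ownCloud's own code): inspect every entry name of an
// import archive before anything is extracted into the data folder.
// Entries are rejected if they are absolute, contain ".." components, or
// are dotfiles such as .htaccess, which change how the web server treats
// the data folder and is the code-execution path the advisory describes.

function isSafeImportEntry(string $name): bool
{
    // Normalise to forward slashes so backslash traversal is caught as well.
    $name = str_replace('\\', '/', $name);
    if ($name === '' || $name[0] === '/') {
        return false;  // absolute path
    }
    foreach (explode('/', $name) as $component) {
        if ($component === '..') {
            return false;  // directory traversal
        }
        if ($component !== '' && $component !== '.' && $component[0] === '.') {
            return false;  // dotfile: .htaccess, .htpasswd, .user.ini, ...
        }
    }
    return true;
}

// Returns the list of entry names that must not be extracted; an empty
// array means the archive passed the check.
function listUnsafeEntries(string $zipPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open $zipPath");
    }
    $unsafe = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false || !isSafeImportEntry($name)) {
            $unsafe[] = (string) $name;
        }
    }
    $zip->close();
    return $unsafe;
}

// Usage (constructed path): refuse the whole import if any entry is unsafe,
// rather than extracting the safe ones and skipping the rest.
$unsafe = listUnsafeEntries('/tmp/import.zip');
if ($unsafe !== []) {
    fwrite(STDERR, "refusing import, unsafe entries: " . implode(', ', $unsafe) . "\n");
    exit(1);
}
```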
