- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Nextcloud: Multiple Vulnerabilities Date: August 10, 2022 Bugs: #848873, #835073, #834803, #820368, #812443, #802096, #797253 ID: 202208-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in Nextcloud, the worst of which could result in denial of service. Background ========= Nextcloud is a personal cloud that runs on your own server. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/nextcloud < 23.0.4 >= 23.0.4 Description ========== Multiple vulnerabilities have been discovered in Nextcloud. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Nextcloud users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/nextcloud-23.0.4" References ========= [ 1 ] CVE-2021-32653 https://nvd.nist.gov/vuln/detail/CVE-2021-32653 [ 2 ] CVE-2021-32654 https://nvd.nist.gov/vuln/detail/CVE-2021-32654 [ 3 ] CVE-2021-32655 https://nvd.nist.gov/vuln/detail/CVE-2021-32655 [ 4 ] CVE-2021-32656 https://nvd.nist.gov/vuln/detail/CVE-2021-32656 [ 5 ] CVE-2021-32657 https://nvd.nist.gov/vuln/detail/CVE-2021-32657 [ 6 ] CVE-2021-32678 https://nvd.nist.gov/vuln/detail/CVE-2021-32678 [ 7 ] CVE-2021-32679 https://nvd.nist.gov/vuln/detail/CVE-2021-32679 [ 8 ] CVE-2021-32680 https://nvd.nist.gov/vuln/detail/CVE-2021-32680 [ 9 ] CVE-2021-32688 https://nvd.nist.gov/vuln/detail/CVE-2021-32688 [ 10 ] CVE-2021-32703 https://nvd.nist.gov/vuln/detail/CVE-2021-32703 [ 11 ] CVE-2021-32705 https://nvd.nist.gov/vuln/detail/CVE-2021-32705 [ 12 ] CVE-2021-32725 https://nvd.nist.gov/vuln/detail/CVE-2021-32725 [ 13 ] CVE-2021-32726 https://nvd.nist.gov/vuln/detail/CVE-2021-32726 [ 14 ] CVE-2021-32734 https://nvd.nist.gov/vuln/detail/CVE-2021-32734 [ 15 ] CVE-2021-32800 https://nvd.nist.gov/vuln/detail/CVE-2021-32800 [ 16 ] CVE-2021-32801 https://nvd.nist.gov/vuln/detail/CVE-2021-32801 [ 17 ] CVE-2021-32802 https://nvd.nist.gov/vuln/detail/CVE-2021-32802 [ 18 ] CVE-2021-41177 https://nvd.nist.gov/vuln/detail/CVE-2021-41177 [ 19 ] CVE-2021-41178 https://nvd.nist.gov/vuln/detail/CVE-2021-41178 [ 20 ] CVE-2021-41239 https://nvd.nist.gov/vuln/detail/CVE-2021-41239 [ 21 ] CVE-2021-41241 https://nvd.nist.gov/vuln/detail/CVE-2021-41241 [ 22 ] CVE-2022-24741 https://nvd.nist.gov/vuln/detail/CVE-2022-24741 [ 23 ] CVE-2022-24888 https://nvd.nist.gov/vuln/detail/CVE-2022-24888 [ 24 ] CVE-2022-24889 https://nvd.nist.gov/vuln/detail/CVE-2022-24889 [ 25 ] CVE-2022-29243 https://nvd.nist.gov/vuln/detail/CVE-2022-29243 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-17 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5