openSUSE Build Service

Security update for nextcloud

This update for nextcloud fixes the following issues:

- Update to 23.0.12
See: https://nextcloud.com/changelog/#latest23

- This also fix security issues:
- CVE-2022-35931: Password Policy app could generate passwords that would be block (boo#1203190)
- CVE-2022-39346: Missing length validation of user displayname allows to generate an SQL error (boo#1205802)
- CVE-2023-25579: Potential directory traversal in OC\Files\Node\Folder::getFullPath (boo#1208591)

Submitted by Eric Schirra (ecsos)

Fixed bugs

bnc#1208591

VUL-0: CVE-2023-25579: nextcloud: Potential directory traversal in OC\Files\Node\Folder::getFullPath

bnc#1205802

VUL-0: CVE-2022-39346: nextcloud: Missing length validation of user displayname allows to generate an SQL error

bnc#1203190

VUL-1: CVE-2022-35931: nextcloud: Password Policy app could generate passwords that would be block

CVE-2022-35931

CVE-2023-25579

CVE-2022-39346

Places

Fixed bugs

Selected Binaries

Places