Bug 17082

Summary: owncloud new security issues fixed upstream in 8.0.9
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/663795/
Whiteboard: has_procedure advisory mga5-64-ok
Source RPM: owncloud-8.0.8-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-11-04 12:25:02 CET 
Upstream has released version 8.0.9 on October 30:
https://owncloud.org/changelog/

As usual, no details are available about the security issues.

Updated package uploaded for Mageia 5.

Advisory:
========================

Updated owncloud package fixes security vulnerabilities:

The owncloud package has been updated to version 8.0.9, which fixes
undisclosed security issues and other bugs.

References:
https://owncloud.org/changelog/
========================

Updated packages in core/updates_testing:
========================
owncloud-8.0.9-1.mga5

from owncloud-8.0.9-1.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-11-04 12:25:18 CET 
You can find testing information in Bug 16491.

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2015-11-05 23:58:02 CET 
Testing complete mga5 64

Database upgrades successfully, uploads work ok and syncs OK with the client.

Whiteboard: has_procedure => has_procedure mga5-64-ok

Comment 3 claire robinson 2015-11-07 17:46:50 CET 
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 claire robinson 2015-11-07 18:03:53 CET 
Advisory uploaded.

Whiteboard: has_procedure mga5-64-ok => has_procedure advisory mga5-64-ok

Comment 5 Mageia Robot 2015-11-07 21:12:19 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0437.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-11-09 20:32:32 CET

URL: (none) => http://lwn.net/Vulnerabilities/663795/

Comment 6 David Walser 2016-01-25 17:02:35 CET 
CVE-2016-1501 was the security issue fixed here:
https://owncloud.org/security/advisory/?id=oc-sa-2016-004

Advisory:
========================

Updated owncloud package fixes security vulnerability:

ownCloud returns exception error messages to the user in two different places,
allowing an authenticated adversary to gain information about the installation
path of the ownCloud instance. There is no further information disclosure
(CVE-2016-1501).

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1501
https://owncloud.org/security/advisory/?id=oc-sa-2016-004
https://owncloud.org/changelog/