Advisories » MGASA-2013-0171

Updated owncloud package fixes security vulnerabilities

Publication date: 18 Jun 2013
Modification date: 18 Jun 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-2150 , CVE-2013-2149

Description

Cross-site scripting (XSS) vulnerabilities in js/viewer.js inside the
files_videoviewer application via multiple unspecified vectors in all
ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated remote
attackers to inject arbitrary web script or HTML via shared files
(CVE-2013-2150).

Cross-site scripting (XSS) vulnerabilities in core/js/oc-dialogs.js via
multiple unspecified vectors in all ownCloud versions prior to 5.0.7
and other versions before 4.0.16 allows authenticated remote attackers
to inject arbitrary web script or HTML via shared files (CVE-2013-2149).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=10452
• http://owncloud.org/about/security/advisories/oC-SA-2013-028/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2150
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2149

SRPMS

3/core

• owncloud-5.0.7-1.mga3