Updated owncloud package fixes security vulnerabilities
Publication date: 13 Aug 2015Modification date: 07 Mar 2016
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-4715 , CVE-2015-4717 , CVE-2015-4718
Description
In ownCloud before 6.0.8 and 8.0.4, a bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of "Dropbox.com" to gain access to any files on the ownCloud server if an external Dropbox storage was mounted (CVE-2015-4715). In ownCloud before 6.0.8 and 8.0.4, the sanitization component for filenames was vulnerable to DoS when parsing specially crafted file names passed via specific endpoints. Effectively this lead to a endless loop filling the log file until the system is not anymore responsive (CVE-2015-4717). In ownCloud before 6.0.8 and 8.0.4, the external SMB storage of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands. This was caused by improperly sanitizing the ";" character which is interpreted as command separator by smbclient (the used software to connect to SMB shared by ownCloud). Effectively this allows an attacker to gain access to any file on the system or overwrite it, finally leading to a PHP code execution in the case of ownCloud's config file (CVE-2015-4718).
References
- https://bugs.mageia.org/show_bug.cgi?id=16491
- https://owncloud.org/security/advisory/?id=oc-sa-2015-005
- https://owncloud.org/security/advisory/?id=oc-sa-2015-007
- https://owncloud.org/security/advisory/?id=oc-sa-2015-008
- http://owncloud.org/changelog/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4715
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4717
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4718
SRPMS
4/core
- owncloud-6.0.9-1.mga4
5/core
- owncloud-8.0.5-1.2.mga5