Nome do pacote
owncloud
Data
2013-06-17
ID Alerta
MDVSA-2013:175
Versões afetadas
MBS1 x86_64

Descrição do problema

Multiple vulnerabilities has been found and corrected in owncloud:

Cross-site scripting (XSS) vulnerabilities in js/viewer.js inside
the files_videoviewer application via multiple unspecified vectors in
all ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated
remote attackers to inject arbitrary web script or HTML via shared
files (CVE-2013-2150).

Cross-site scripting (XSS) vulnerabilities in core/js/oc-dialogs.js
via multiple unspecified vectors in all ownCloud versions prior to
5.0.7 and other versions before 4.0.16 allows authenticated remote
attackers to inject arbitrary web script or HTML via shared files
(CVE-2013-2149).

This advisory provides the latest versions of owncloud (5.0.7) which
is not vulnerable to these issues.

Pacotes atualizados

MBS1 x86_64

 92604331efa78c4d251164c3b2a845e3  mbs1/x86_64/owncloud-5.0.7-1.mbs1.noarch.rpm 
 5c6dab68a1f3bd3e11588505164d5691  mbs1/SRPMS/owncloud-5.0.7-1.mbs1.src.rpm

Referências