Nom du paquet
owncloud
Date
2013-06-17
Advisory ID
MDVSA-2013:175
Affected versions
MBS1 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in owncloud:

Cross-site scripting (XSS) vulnerabilities in js/viewer.js inside
the files_videoviewer application via multiple unspecified vectors in
all ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated
remote attackers to inject arbitrary web script or HTML via shared
files (CVE-2013-2150).

Cross-site scripting (XSS) vulnerabilities in core/js/oc-dialogs.js
via multiple unspecified vectors in all ownCloud versions prior to
5.0.7 and other versions before 4.0.16 allows authenticated remote
attackers to inject arbitrary web script or HTML via shared files
(CVE-2013-2149).

This advisory provides the latest versions of owncloud (5.0.7) which
is not vulnerable to these issues.

Updated packages

MBS1 x86_64

 92604331efa78c4d251164c3b2a845e3  mbs1/x86_64/owncloud-5.0.7-1.mbs1.noarch.rpm 
 5c6dab68a1f3bd3e11588505164d5691  mbs1/SRPMS/owncloud-5.0.7-1.mbs1.src.rpm

References