1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3363-1] owncloud-client security update

    From Luciano Bello@1:229/2 to All on Sun Sep 20 12:40:01 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3363-1 [email protected] https://www.debian.org/security/ Luciano Bello September 20, 2015 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : owncloud-client
    CVE ID : CVE-2015-4456

    Johannes Kliemann discovered a vulnerability in ownCloud Desktop Client,
    the client-side of the ownCloud file sharing services. The vulnerability
    allows man-in-the-middle attacks in situations where the server is using self-signed certificates and the connection is already established. If
    the user in the client side manually distrusts the new certificate, the
    file syncing will continue using the malicious server as valid.

    For the stable distribution (jessie), this problem has been fixed in
    version 1.7.0~beta1+really1.6.4+dfsg-1+deb8u1.

    For the testing distribution (stretch), this problem has been fixed
    in version 1.8.4+dfsg-1.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.8.4+dfsg-1.

    We recommend that you upgrade your owncloud-client packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJV/ojKAAoJEAVMuPMTQ89EfzUP/3W7wDaOrMi4iux7KJSMk7Sd ukXkUi71k8nIF/ILqP+SOuTjrqDhq5Yoa6rL6uk86nQbIEHXsMcR0caey4+ObJRC Emxelx0frZVqoCfXDVKq7wxverZH+15ezAiPhFrpBH/LgGQ9Y+mdO+xGP14q65zP 26ksMs+90h7GxpLw0082pXR/QYu+etvnmFK3D8Z2t9nS9SmC6K9WRNgcCwDoQmpR INY2NafwmT6nrQzWh+dBOj65DpAt6hneyj/LG0udB3YgLtlabPeQYmvSDfpJhtfE YugR+B7srNZ8XyV6RQrZDA7Xa5kGrA5NIBU0ht1qaV3FGWHmTV1LZaWXO/qq7WJZ m1u4QLzeOO/jV3eeeKSLx1VJK07DtBOYmuPtixtJaWUKPAIQN+xsQjxyf3sqoXC6 /Be4RvAqglBQBc/e2ee/iUiO1MW1huTmLoRQkY71XvsrGqLdYxKlyMb0V/sCjn+i 3Sxjaf1h0VSL9geDPwJqWfxBrHhlCJCFsLJZPTXYqIQMtM/Zy8zCuFkSb5qArfY4 ORaw7Brwzd7TQoKdu1Q1tYOBAxoMSlqnocJCKpNTLXaaZvm7Nwh4ea+yle+rPa8P gJnIaDIXrYIgCN0+2fYD4aPti/my+4xqDwfO3IwdVCJVKC5ssNm1yaA4yhTr0urv KPZqG7c5yc38EJJfbels
    =BRV5
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)