Lucene search

DebianDEBIAN:DSA-4974-1:8E6F1

HistorySep 19, 2021 - 10:35 a.m.

[SECURITY] [DSA 4974-1] nextcloud-desktop security update

2021-09-1910:35:13

lists.debian.org

nextcloud

debian

security update

cve-2021

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.009

Percentile

82.6%

JSON

Debian Security Advisory DSA-4974-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
September 19, 2021 https://www.debian.org/security/faq

Package : nextcloud-desktop
CVE ID : CVE-2021-22895 CVE-2021-32728
Debian Bug : 989846

Two vulnerabilities were discovered in the Nextcloud desktop client,
which could result in information disclosure.

For the oldstable distribution (buster), these problems have been fixed
in version 2.5.1-3+deb10u2.

For the stable distribution (bullseye), these problems have been fixed in
version 3.1.1-2+deb11u1.

We recommend that you upgrade your nextcloud-desktop packages.

For the detailed security status of nextcloud-desktop please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nextcloud-desktop

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11amd64libnextcloudsync-dev< 3.1.1-2+deb11u1libnextcloudsync-dev_3.1.1-2+deb11u1_amd64.deb
Debian11mipseldolphin-nextcloud-dbgsym< 3.1.1-2+deb11u1dolphin-nextcloud-dbgsym_3.1.1-2+deb11u1_mipsel.deb
Debian10mipselnextcloud-desktop< 2.5.1-3+deb10u2nextcloud-desktop_2.5.1-3+deb10u2_mipsel.deb
Debian11armhflibnextcloudsync0< 3.1.1-2+deb11u1libnextcloudsync0_3.1.1-2+deb11u1_armhf.deb
Debian11amd64dolphin-nextcloud-dbgsym< 3.1.1-2+deb11u1dolphin-nextcloud-dbgsym_3.1.1-2+deb11u1_amd64.deb
Debian10arm64nextcloud-desktop< 2.5.1-3+deb10u2nextcloud-desktop_2.5.1-3+deb10u2_arm64.deb
Debian10i386nextcloud-desktop< 2.5.1-3+deb10u2nextcloud-desktop_2.5.1-3+deb10u2_i386.deb
Debian11arm64nextcloud-desktop-cmd-dbgsym< 3.1.1-2+deb11u1nextcloud-desktop-cmd-dbgsym_3.1.1-2+deb11u1_arm64.deb
Debian10i386libnextcloudsync0< 2.5.1-3+deb10u2libnextcloudsync0_2.5.1-3+deb10u2_i386.deb
Debian11mipseldolphin-nextcloud< 3.1.1-2+deb11u1dolphin-nextcloud_3.1.1-2+deb11u1_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	amd64	libnextcloudsync-dev	< 3.1.1-2+deb11u1	libnextcloudsync-dev_3.1.1-2+deb11u1_amd64.deb
Debian	11	mipsel	dolphin-nextcloud-dbgsym	< 3.1.1-2+deb11u1	dolphin-nextcloud-dbgsym_3.1.1-2+deb11u1_mipsel.deb
Debian	10	mipsel	nextcloud-desktop	< 2.5.1-3+deb10u2	nextcloud-desktop_2.5.1-3+deb10u2_mipsel.deb
Debian	11	armhf	libnextcloudsync0	< 3.1.1-2+deb11u1	libnextcloudsync0_3.1.1-2+deb11u1_armhf.deb
Debian	11	amd64	dolphin-nextcloud-dbgsym	< 3.1.1-2+deb11u1	dolphin-nextcloud-dbgsym_3.1.1-2+deb11u1_amd64.deb
Debian	10	arm64	nextcloud-desktop	< 2.5.1-3+deb10u2	nextcloud-desktop_2.5.1-3+deb10u2_arm64.deb
Debian	10	i386	nextcloud-desktop	< 2.5.1-3+deb10u2	nextcloud-desktop_2.5.1-3+deb10u2_i386.deb
Debian	11	arm64	nextcloud-desktop-cmd-dbgsym	< 3.1.1-2+deb11u1	nextcloud-desktop-cmd-dbgsym_3.1.1-2+deb11u1_arm64.deb
Debian	10	i386	libnextcloudsync0	< 2.5.1-3+deb10u2	libnextcloudsync0_2.5.1-3+deb10u2_i386.deb
Debian	11	mipsel	dolphin-nextcloud	< 3.1.1-2+deb11u1	dolphin-nextcloud_3.1.1-2+deb11u1_mipsel.deb