The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade. References: https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html https://bugzilla.suse.com/show_bug.cgi?id=1036756
Created nextcloud tracking bugs for this issue: Affects: fedora-all [bug 1551803] Affects: epel-7 [bug 1551802]
Do I correctly assume this only affects the SUSE rpm and does not affect the nexctloud rpm in the Fedora repos?
(In reply to Christian Glombek from comment #2) > Do I correctly assume this only affects the SUSE rpm and does not affect the > nexctloud rpm in the Fedora repos? Correct, this is relevant to the nextcloud packaging in openSUSE.