Red Hat Bugzilla – Bug 962997
CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11
Last modified: 2013-06-23 23:27:08 EDT
ownCloud 4.5.11 was released to correct a number of security flaws. The ones relevant to 4.5.x (which is the version we ship) are noted below. The full announcement was sent to the oss-security mailing list.
CVE-2013-2046: Multiple SQL Injections (oC-SA-2013-019)
- stable45: [582c3ed](https://github.com/owncloud/bookmarks/commit/582c3ed)
CVE-2013-2039: Multiple directory traversals (oC-SA-2013-020)
- stable45: [6be497c](https://github.com/owncloud/core/commit/6be497c)
CVE-2013-2040: Multiple XSS vulnerabilities (oC-SA-2013-021)
- stable45: [f9aeaa6](https://github.com/owncloud/apps/commit/f9aeaa6)
CVE-2013-2042: Multiple XSS vulnerabilities (oC-SA-2013-021)
- stable45: [f1fdeb2](https://github.com/owncloud/bookmarks/commit/f1fdeb2)
CVE-2013-2043: Privilege escalation in the calendar application (oC-SA-2013-024)
- stable45: [68daff4](https://github.com/owncloud/calendar/commit/68daff4)
Created owncloud tracking bugs for this issue
Affects: fedora-18 [bug 962998]
Affects: epel-6 [bug 962999]
owncloud-4.5.12-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
owncloud-4.5.12-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.