[SECURITY] Fedora 33 Update: nextcloud-19.0.12-1.fc33

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-afa7968aeb 2021-07-09 00:45:55.174258 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 33 Version : 19.0.12 Release : 1.fc33 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: - Update to Nextcloud 19.0.12, fixes CVE-2021-22915 (RHBZ 1977202) - Include php-fpm config in httpd subpackage - Set php memory limit to 512MB (RHBZ 1933529) - Add Referrer-policy no-referrer to nginx config (RHBZ 1933530) -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 30 2021 Christopher Engelhard <ce(a)lcts.de&gt; - 19.0.12-1 - Update to Nextcloud 19.0.12, fixes CVE-2021-22915 (RHBZ 1977202) - Include php-fpm config in httpd subpackage - Set php memory limit to 512MB (RHBZ 1933529) - Add Referrer-policy no-referrer to nginx config (RHBZ 1933530) * Sun Feb 28 2021 Christopher Engelhard <ce(a)lcts.de&gt; - 19.0.9-1 - Update to Nextcloud 19.0.9 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1933529 - The PHP memory limit is below the recommended value of 512MB https://bugzilla.redhat.com/show_bug.cgi?id=1933529 [ 2 ] Bug #1933530 - The ���Referrer-Policy��� HTTP header is not set to ���no-referrer���, ���no-referrer-when-downgrade���, ���strict-origin���, ���strict-origin-when-cross-origin��� or ���same-origin��� https://bugzilla.redhat.com/show_bug.cgi?id=1933530 [ 3 ] Bug #1977202 - CVE-2021-22915 nextcloud: lack of inclusion of IPv6 subnets in rate-limiting considerations allows brute force attacks [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1977202 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-afa7968aeb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------