Fedora 19 : owncloud-5.0.17-2.fc19 / php-sabredav-Sabre_CalDAV-1.7.9-1.fc19 / etc (2014-14066)

medium Nessus Plugin ID 79391
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote Fedora host is missing one or more security updates.


This update provides ownCloud 5.0.17, the latest release in the 5.x series, plus an extra security-related fix backported from the stable5 branch.

It also provides SabreDAV 1.7.13. This is also a major upgrade from SabreDAV 1.6, and has API incompatibilities. ownCloud is the only Fedora 19 package that requires SabreDAV, and ownCloud 5 cannot work with SabreDAV 1.6: the API-incompatible upgrade is unfortunate but necessary to provide a secure ownCloud release.

ownCloud 4.5, the current version in Fedora 19, is un-maintained, subject to known security issues, and has no upgrade path beyond ownCloud 5. Upgrading directly from 4.5 to the current version in Fedora 20 or 21 - ownCloud 7 - would likely fail.

I plan to update the package to 6.x before Fedora 19 goes EOL and maintain the 5.x and 6.x builds in a side repository to make sure there is a viable upgrade path from Fedora 19.

Initial testing on the 4.x -> 5.x upgrade has been performed, but please back up your user data, ownCloud configuration and ownCloud database before performing the upgrade. Please file negative karma and a bug report for any issues encountered during the upgrade. Ideally, the upgrade should run smoothly on first access to the updated ownCloud instance with no manual intervention required.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected packages.

See Also









Plugin Details

Severity: Medium

ID: 79391

File Name: fedora_2014-14066.nasl

Version: 1.6

Type: local

Agent: unix

Published: 11/24/2014

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Medium

Score: 5.8


Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:owncloud, p-cpe:/a:fedoraproject:fedora:php-sabredav-Sabre_CalDAV, p-cpe:/a:fedoraproject:fedora:php-sabredav-Sabre_CardDAV, p-cpe:/a:fedoraproject:fedora:php-sabredav-Sabre_DAV, p-cpe:/a:fedoraproject:fedora:php-sabredav-Sabre_DAVACL, p-cpe:/a:fedoraproject:fedora:php-sabredav-Sabre_HTTP, p-cpe:/a:fedoraproject:fedora:php-sabredav-Sabre_VObject, cpe:/o:fedoraproject:fedora:19

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/1/2014

Reference Information

CVE: CVE-2013-6403

BID: 63926

FEDORA: 2014-14066