CVE-2017-9286 nextcloud package security issues with /srv/www/htdocs

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...

openSUSE Security Update : nextcloud (openSUSE-2017-1121)

This update for nextcloud fixes the following issues : - CVE-2017-9286: During upgrade of the nextcloud package local attackers could gain root access via a /tmp file race. boo1036756 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...