Security update for froxlor (moderate)

ID OPENSUSE-SU-2021:0415-1
Type suse
Reporter Suse
Modified 2021-03-16T18:17:25


An update that solves one vulnerability and has three fixes is now available.


This update for froxlor fixes the following issues:

  • Upstream upgrade to version 0.10.23 (boo#846355)
  • Upstream upgrade to version 0.10.22 (boo#846355)

  • BuildRequire cron as this contains now the cron directories

  • Use %license for COPYING file instead of %doc [boo#1082318]

Upstream upgrade to version (boo#846355)

new features besides API that found their way in:

  • 2FA / TwoFactor Authentication for accounts
  • MySQL8 compatibility
  • new implementation of Let's Encrypt (
  • customizable error/access log handling for webserver (format, level, pipe-to-script, etc.)
  • lots and lots of bugfixes and small enhancements

Upstream upgrade to version (boo#846355)

  • PHP rand function for random number generation fixed in previous version (boo#1025193) CVE-2016-5100
  • upstream upgrade to version 0.9.39 (boo#846355)
  • Add and change of froxlor config files and manual
  • Change Requires to enable use with php7

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-415=1