Slashdot Mirror

← Back to Stories (view on slashdot.org)

OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes

Posted by timothy on from the if-you-could-turn-back-time dept.

operator_error notes a report that ownCloud developer Lukas Reschke has emailed the Ubuntu Devel mailing list to request that ownCloud (server) be removed from the Ubuntu repositories because it contains "multiple critical security bugs for which no fixes have been backported," through which an attacker could "gain complete control [of] the web server process." From the article: However, packages can't be removed from the Ubuntu repositories for an Ubuntu version that was already released, that's why the package was removed from Ubuntu 14.10 (2 days before its release) but it's still available in the Ubuntu 14.04 and 12.04 repositories (ownCloud 6.0.1 for Ubuntu 14.04 and ownCloud 5.0.4 for Ubuntu 12.04, while the latest ownCloud version is 7.0.2). Furthermore, the ownCloud package is in the universe repository and software in this repository "WILL NOT receive any review or updates from the Ubuntu security team" (you should see this if you take a look at your /etc/apt/sources.list file) so it's up to someone from the Ubuntu community to step up and fix it. "If nobody does that, then it unfortunately stays the way it is", says Marc Deslauriers, Security Tech Lead at Canonical. You can follow the discussion @ Ubuntu Devel mailing list. So, until (if) someone fixes this, if you're using ownCloud from the Ubuntu repositories, you should either remove it or upgrade to the latest ownCloud from its official repository, hosted by the openSUSE Build Service."

1 of 126 comments (clear)

  1. Re:Bring back Bennett!! by NotInHere · · Score: 0, Offtopic

    Frequent summary submitter describes it very good:

    http://slashdot.org/story/13/1...
    http://tech.slashdot.org/story...
    http://yro.slashdot.org/story/...
    http://news.slashdot.org/story...

    He just makes very long submissions. And since this week, a troll has been very busy, submitting stories:

    http://slashdot.org/submission...
    http://slashdot.org/submission...

    and writing But-what-does-frequent-contributor-Bennett-Haselton-think-about-this posts into stories. The term "Frequent contributor" has been used in a summary by an editor, and is already associated with him by /. users:
    http://hardware.slashdot.org/c...