An update that fixes two vulnerabilities is now available.
This update for nextcloud fixes the following issues:
Security issues fixed:
- CVE-2018-3761: Fix improper authentication on the OAuth2 token endpoint (bsc#1100344). - CVE-2018-3762: Fix improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to (bsc#1100343).
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: