Owncloud security problem

NethServer Version: 6.8
Module: ownCloud

Good morning,
there is a problem I read on this

Testing our own owncloud, Igot these results:

Running ownCloud
NOT on latest patch level
Major version NOT supported
**Scanned at 2017-03-07 06:25:28 **
Your instance has known vulnerabilities, below you can see a list of them. Learn more about our security efforts.
Your version is end-of-life and is very likely affected by many more vulnerabilities. You should update as soon as possible.
Open Redirector involving user interaction
Disclosure of arbitrary certificate files
A security hardening is a feature which protects software from attacks even if it is affected by a certain vulnerability. For an overview of security hardening capabilities we’ve recently developed, see this blog.
Below is a list of hardening features your server has enabled.
**Bruteforce protection **
**CSPv3 **
**Same-Site-Cookies **
**Password confirmation **
**__Host-Prefix **
**App passwords can be restricted **
Besides features of the private cloud software itself, one can configure their Apache or NGINX server more or less securely. Please note that many security settings available cannot be checked from the outside! We strongly recommend you read our Security Hardening Guide and follow the instructions there.
Here are the results of a number of checks against your server.
**X-Frame-Options **
**X-Content-Type-Options **
**X-XSS-Protection **
**X-Download-Options **
**X-Permitted-Cross-Domain-Policies **
Our recommendation
We strongly recommend to keep a private cloud server constantly updated. Servers not running the latest security update in a supported release series are often vulnerable. For Nextcloud, the latest releases are Nextcloud 11.0.2, 10.0.4 and 9.0.57. For ownCloud, that would be ownCloud 8.1.12, 8.2.10, 9.0.8 or 9.1.4. You can find new versions here for Nextcloud and here for ownCloud. Nextcloud strives to make upgrading a safe, easy and painless procedure. You can learn why and how to upgrade to the latest version of Nextcloud 11 here.
**We further recommend to read our Security Hardening Guide and follow the instructions there. **
Let us help you keep your data secure
Our customers get proactive help with upgrading and keeping their systems secure. We also warn them in advance when security problems are found. Learn about Nextcloud’s security efforts.
If you are interested in our services, we have a special time limited offer for prospective customers who can show us a copy of the email warning them of an unsafe instance.

What to do ?
Greetings !

Can’t you update owncloud, I’ve read that you have to install a newer PHP Version, a howto for installing newer PHP is here:


Edit: I’ve installed 6.8 to test it, but at this time update php-version didn’t work for me.

Perhaps @stephdl can help. Owncloud should run at Cent OS 6.8 with newest PHP Version, but I don’t know if there are problems with other nethserver modules.

I don’t understand what is ‘php-version’ do you mean nethserver-php-scl for NS6.

Yes, I tried to install php7 with it, but it says remi repository doesn’t exist.

What I’ve done:
I installed Nethserver 6.8 and owncloud. Now I want to try newest php-version (php7) and newest owncloud-version.

I think best thing is to use the new php-version only for the owncloud-website.

You likely missed to install nethserver-remi-phpscl

1 Like

Thanks for answer, you gave me the right hint
I’ve forgotton to install your stephdl_repository, so I can’t use php-scl.

For installing newer php-version look at the Wiki, and dont forget to install stephdl_repository like written in the Wiki.

Here is a howto for upgrading owncloud. I didn’t test it now.
Before testing I would advise to setup a second mashine for testing.

Probably we can update owncloud to another minor release, but I never tried.

/cc @alep