The version of ownCloud in Ubuntuâs Universe repositories is old and full of âmultiple critical security vulnerabilities.â Itâs no secret. The ownCloud project itself asked Ubuntu to remove it so users wouldnât have vulnerable server software. Ubuntu suggested to ownCloud they should take over maintaining it instead. OwnCloud thought that was ridiculousâthey just want to write software and not maintain it in every distributionâs repositories.
Ubuntu is finally taking action and uploading an empty package that will disable the vulnerable ownCloud server software on Ubuntu 14.04 systems. But this whole weeks-long ordeal demonstrates a serious weakness with the way Linux software is packaged, distributed, and updated.
Read more at PCWorld.