Search criteria
153 vulnerabilities found for subversion by apache
FKIE_CVE-2024-46901
Vulnerability from fkie_nvd - Published: 2024-12-09 10:15 - Updated: 2025-07-15 16:354.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://subversion.apache.org/security/CVE-2024-46901-advisory.txt | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/04/msg00023.html | Mailing List, Third Party Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| apache | subversion | * | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0044D4E-5597-4E3C-B300-B0D36A707F58",
"versionEndExcluding": "1.14.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.\n\nAll versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.\n\nRepositories served via other access methods are not affected."
},
{
"lang": "es",
"value": "La validaci\u00f3n insuficiente de los nombres de archivo con respecto a los caracteres de control en Apache Subversion repositories que se sirven a trav\u00e9s de mod_dav_svn permite que los usuarios autenticados con acceso de confirmaci\u00f3n confirmen una revisi\u00f3n da\u00f1ada, lo que genera interrupciones para los usuarios del repositorio. Todas las versiones de Subversion hasta Subversion 1.14.4 incluida se ven afectadas si se sirven repositorios a trav\u00e9s de mod_dav_svn. Se recomienda a los usuarios que actualicen a la versi\u00f3n 1.14.5, que soluciona este problema. Los repositorios que se sirven a trav\u00e9s de otros m\u00e9todos de acceso no se ven afectados."
}
],
"id": "CVE-2024-46901",
"lastModified": "2025-07-15T16:35:39.093",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "security@apache.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-09T10:15:05.230",
"references": [
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://subversion.apache.org/security/CVE-2024-46901-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00023.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-45720
Vulnerability from fkie_nvd - Published: 2024-10-09 13:15 - Updated: 2025-02-11 17:227.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Vendor | Product | Version | |
|---|---|---|---|
| apache | subversion | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C1FD34E-4CF2-4750-865B-A1F542D1383B",
"versionEndExcluding": "1.14.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Windows platforms, a \"best fit\" character encoding conversion of command line arguments to Subversion\u0027s executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed.\n\nAll versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue.\n\nSubversion is not affected on UNIX-like platforms."
},
{
"lang": "es",
"value": "En las plataformas Windows, una conversi\u00f3n de codificaci\u00f3n de caracteres de \"ajuste \u00f3ptimo\" de argumentos de l\u00ednea de comandos a ejecutables de Subversion (por ejemplo, svn.exe, etc.) puede provocar una interpretaci\u00f3n inesperada de los argumentos de l\u00ednea de comandos, incluida la inyecci\u00f3n de argumentos y la ejecuci\u00f3n de otros programas, si se procesa una cadena de argumentos de l\u00ednea de comandos especialmente manipulada. Todas las versiones de Subversion hasta Subversion 1.14.3 incluida se ven afectadas solo en plataformas Windows. Se recomienda a los usuarios actualizar a la versi\u00f3n Subversion 1.14.4, que soluciona este problema. Subversion no se ve afectado en plataformas tipo UNIX."
}
],
"id": "CVE-2024-45720",
"lastModified": "2025-02-11T17:22:19.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "security@apache.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-09T13:15:11.337",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://subversion.apache.org/security/CVE-2024-45720-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/10/08/3"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24070
Vulnerability from fkie_nvd - Published: 2022-04-12 18:15 - Updated: 2024-11-21 06:49| Vendor | Product | Version | |
|---|---|---|---|
| apache | subversion | * | |
| apache | subversion | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| apple | macos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4BB582E-958E-4729-9EB9-EEAED5314FD2",
"versionEndExcluding": "1.10.8",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBAEE04-1D22-41CB-8C32-5DDD29A42DC4",
"versionEndExcluding": "1.14.2",
"versionStartIncluding": "1.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFABC0C7-944C-4B46-A985-8B4F8BF93F54",
"versionEndExcluding": "12.5",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Subversion\u0027s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected."
},
{
"lang": "es",
"value": "La funci\u00f3n mod_dav_svn de Subversion es vulnerable a una corrupci\u00f3n de memoria. Mientras buscan reglas de autorizaci\u00f3n basadas en rutas, los servidores mod_dav_svn pueden intentar usar memoria que ya ha sido liberada. Afecta a los servidores mod_dav_svn de Subversion 1.10.0 a 1.14.1 (inclusive). Los servidores que no usan mod_dav_svn no est\u00e1n afectados"
}
],
"id": "CVE-2022-24070",
"lastModified": "2024-11-21T06:49:45.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-12T18:15:09.137",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
},
{
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"
},
{
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/SVN-4880"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/SVN-4880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5119"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28544
Vulnerability from fkie_nvd - Published: 2022-04-12 18:15 - Updated: 2024-11-21 05:59| Vendor | Product | Version | |
|---|---|---|---|
| apache | subversion | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| apple | macos | * | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F5ACC5-2DD1-4E01-AF14-13B20CE4394B",
"versionEndIncluding": "1.14.1",
"versionStartIncluding": "1.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFABC0C7-944C-4B46-A985-8B4F8BF93F54",
"versionEndExcluding": "12.5",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal \u0027copyfrom\u0027 paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the \u0027copyfrom\u0027 path of the original. This also reveals the fact that the node was copied. Only the \u0027copyfrom\u0027 path is revealed; not its contents. Both httpd and svnserve servers are vulnerable."
},
{
"lang": "es",
"value": "Apache Subversion SVN authz protected copyfrom paths regresi\u00f3n Los servidores de Subversion revelan rutas \"copyfrom\" que deber\u00edan estar ocultas de acuerdo con las reglas configuradas de autorizaci\u00f3n basada en rutas (authz). Cuando un nodo ha sido copiado desde una ubicaci\u00f3n protegida, los usuarios con acceso a la copia pueden visualizar la ruta \"copyfrom\" del original. Esto tambi\u00e9n revela el hecho de que el nodo fue copiado. S\u00f3lo es revelada la ruta \"copyfrom\"; no su contenido. Los servidores httpd y svnserve son vulnerables"
}
],
"id": "CVE-2021-28544",
"lastModified": "2024-11-21T05:59:49.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-12T18:15:08.250",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5119"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@apache.org",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-17525
Vulnerability from fkie_nvd - Published: 2021-03-17 10:15 - Updated: 2024-11-21 05:08| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html | Mailing List, Third Party Advisory | |
| security@apache.org | https://subversion.apache.org/security/CVE-2020-17525-advisory.txt | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://subversion.apache.org/security/CVE-2020-17525-advisory.txt | Exploit, Patch, Vendor Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| apache | subversion | * | |
| apache | subversion | * | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "693F5DB8-76CC-4A99-B83D-DAA6CF9A207E",
"versionEndExcluding": "1.10.7",
"versionStartIncluding": "1.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE489C7C-7BF8-40DC-83F1-95BF531ACDE7",
"versionEndExcluding": "1.14.1",
"versionStartIncluding": "1.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Subversion\u0027s mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7"
},
{
"lang": "es",
"value": "El m\u00f3dulo mod_authz_svn de Subversion se bloquear\u00e1 si el servidor est\u00e1 usando reglas de autenticaci\u00f3n en el repositorio con la opci\u00f3n AuthzSVNReposRelativeAccessFile y un cliente env\u00eda una petici\u00f3n para una URL de repositorio no existente.\u0026#xa0;Esto puede causar interrupciones para los usuarios del servicio.\u0026#xa0;Este problema se solucion\u00f3 en los servidores mod_dav_svn+mod_authz_svn versi\u00f3n 1.14.1 y los servidores mod_dav_svn+mod_authz_svn versi\u00f3n 1.10.7"
}
],
"id": "CVE-2020-17525",
"lastModified": "2024-11-21T05:08:17.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-17T10:15:11.873",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-0203
Vulnerability from fkie_nvd - Published: 2019-09-26 16:15 - Updated: 2024-11-21 04:16| URL | Tags | ||
|---|---|---|---|
| security@apache.org | http://subversion.apache.org/security/CVE-2019-0203-advisory.txt | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://subversion.apache.org/security/CVE-2019-0203-advisory.txt | Patch, Vendor Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| apache | subversion | * | |
| apache | subversion | * | |
| apache | subversion | * | |
| apache | subversion | 1.12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50DD0181-B9AA-42E5-813E-8912532052BB",
"versionEndIncluding": "1.9.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "198D8E5E-4D92-43C4-8C30-C940255B4FB0",
"versionEndIncluding": "1.10.4",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A45E5978-D958-44EB-8434-63078915B03C",
"versionEndIncluding": "1.11.1",
"versionStartIncluding": "1.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60BCD44-BA16-4A6F-9B4D-2BA89601C76F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion\u0027s svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server."
},
{
"lang": "es",
"value": "En Apache Subversion versiones hasta 1.9.10, 1.10.4, 1.12.0 incluy\u00e9ndolas, el proceso del servidor svnserve de Subversion puede cerrarse cuando un cliente env\u00eda determinadas secuencias de comandos de protocolo. Esto puede conllevar a interrupciones para los usuarios del servidor."
}
],
"id": "CVE-2019-0203",
"lastModified": "2024-11-21T04:16:28.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-26T16:15:10.440",
"references": [
{
"source": "security@apache.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://subversion.apache.org/security/CVE-2019-0203-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://subversion.apache.org/security/CVE-2019-0203-advisory.txt"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-11782
Vulnerability from fkie_nvd - Published: 2019-09-26 16:15 - Updated: 2024-11-21 03:44| URL | Tags | ||
|---|---|---|---|
| security@apache.org | http://subversion.apache.org/security/CVE-2018-11782-advisory.txt | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://subversion.apache.org/security/CVE-2018-11782-advisory.txt | Patch, Vendor Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| apache | subversion | * | |
| apache | subversion | * | |
| apache | subversion | * | |
| apache | subversion | 1.12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50DD0181-B9AA-42E5-813E-8912532052BB",
"versionEndIncluding": "1.9.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "198D8E5E-4D92-43C4-8C30-C940255B4FB0",
"versionEndIncluding": "1.10.4",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A45E5978-D958-44EB-8434-63078915B03C",
"versionEndIncluding": "1.11.1",
"versionStartIncluding": "1.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60BCD44-BA16-4A6F-9B4D-2BA89601C76F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion\u0027s svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server."
},
{
"lang": "es",
"value": "En Apache Subversion versiones hasta 1.9.10, 1.10.4, 1.12.0 incluy\u00e9ndolas, el proceso del servidor svnserve de Subversion puede cerrarse cuando una petici\u00f3n de solo lectura bien formada produce una respuesta en particular. Esto puede conllevar a interrupciones para usuarios del servidor."
}
],
"id": "CVE-2018-11782",
"lastModified": "2024-11-21T03:44:01.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-26T16:15:10.363",
"references": [
{
"source": "security@apache.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://subversion.apache.org/security/CVE-2018-11782-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://subversion.apache.org/security/CVE-2018-11782-advisory.txt"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-46901 (GCVE-0-2024-46901)
Vulnerability from cvelistv5 – Published: 2024-12-09 09:36 – Updated: 2025-04-13 21:02| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Subversion |
Affected:
0 , ≤ 1.14.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T15:23:08.175468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T15:23:24.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-13T21:02:57.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Subversion",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.14.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "HaoZi, WordPress China"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.\u003cbr\u003e\u003cbr\u003eAll versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.\u003cbr\u003e\u003cbr\u003eRepositories served via other access methods are not affected."
}
],
"value": "Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.\n\nAll versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.\n\nRepositories served via other access methods are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T09:36:52.445Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://subversion.apache.org/security/CVE-2024-46901-advisory.txt"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Subversion: mod_dav_svn denial-of-service via control characters in paths",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-46901",
"datePublished": "2024-12-09T09:36:52.445Z",
"dateReserved": "2024-09-13T04:50:02.877Z",
"dateUpdated": "2025-04-13T21:02:57.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45720 (GCVE-0-2024-45720)
Vulnerability from cvelistv5 – Published: 2024-10-09 12:38 – Updated: 2024-10-09 13:27- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Subversion |
Affected:
1.0.0 , ≤ 1.14.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-09T13:07:31.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/08/3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "subversion",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.14.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T13:20:38.607682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:27:02.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Subversion",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.14.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Orange Tsai (@orange_8361) from DEVCORE Research Team"
},
{
"lang": "en",
"type": "finder",
"value": "splitline (@_splitline_) from DEVCORE Research Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On Windows platforms, a \"best fit\" character encoding conversion of command line arguments to Subversion\u0027s executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed.\u003cbr\u003e\u003cbr\u003eAll versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue.\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003eSubversion is not affected on UNIX-like platforms.\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "On Windows platforms, a \"best fit\" character encoding conversion of command line arguments to Subversion\u0027s executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed.\n\nAll versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue.\n\nSubversion is not affected on UNIX-like platforms."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T12:38:28.971Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://subversion.apache.org/security/CVE-2024-45720-advisory.txt"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Subversion: Command line argument injection on Windows platforms",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-45720",
"datePublished": "2024-10-09T12:38:28.971Z",
"dateReserved": "2024-09-05T11:42:42.423Z",
"dateUpdated": "2024-10-09T13:27:02.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24070 (GCVE-0-2022-24070)
Vulnerability from cvelistv5 – Published: 2022-04-12 17:50 – Updated: 2024-08-03 03:59- CWE-416 - Use After Free
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Subversion |
Affected:
1.10.0 to 1.14.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/SVN-4880"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"
},
{
"name": "DSA-5119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"name": "FEDORA-2022-13cc09ecf2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"name": "FEDORA-2022-2af658b090",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Subversion",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.10.0 to 1.14.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Subversion would like to thank Thomas Wei\u00dfschuh, cis-solutions.eu."
}
],
"descriptions": [
{
"lang": "en",
"value": "Subversion\u0027s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T05:06:35",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.apache.org/jira/browse/SVN-4880"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"
},
{
"name": "DSA-5119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"name": "FEDORA-2022-13cc09ecf2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"name": "FEDORA-2022-2af658b090",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Subversion mod_dav_svn is vulnerable to memory corruption",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-24070",
"STATE": "PUBLIC",
"TITLE": "Apache Subversion mod_dav_svn is vulnerable to memory corruption"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Subversion",
"version": {
"version_data": [
{
"version_value": "1.10.0 to 1.14.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Subversion would like to thank Thomas Wei\u00dfschuh, cis-solutions.eu."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Subversion\u0027s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/SVN-4880",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/SVN-4880"
},
{
"name": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861",
"refsource": "MISC",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"
},
{
"name": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife",
"refsource": "MISC",
"url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"
},
{
"name": "DSA-5119",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"name": "FEDORA-2022-13cc09ecf2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"name": "FEDORA-2022-2af658b090",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"name": "https://support.apple.com/kb/HT213345",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-24070",
"datePublished": "2022-04-12T17:50:14",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28544 (GCVE-0-2021-28544)
Vulnerability from cvelistv5 – Published: 2022-04-12 17:50 – Updated: 2024-08-03 21:47- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Subversion |
Affected:
1.10.0 to 1.14.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt"
},
{
"name": "DSA-5119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"name": "FEDORA-2022-13cc09ecf2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"name": "FEDORA-2022-2af658b090",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Subversion",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.10.0 to 1.14.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Subversion would like to thank Evgeny Kotkov, visualsvn.com."
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal \u0027copyfrom\u0027 paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the \u0027copyfrom\u0027 path of the original. This also reveals the fact that the node was copied. Only the \u0027copyfrom\u0027 path is revealed; not its contents. Both httpd and svnserve servers are vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-20T13:11:27.211Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt"
},
{
"name": "DSA-5119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"name": "FEDORA-2022-13cc09ecf2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"name": "FEDORA-2022-2af658b090",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Subversion SVN authz protected copyfrom paths regression",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-28544",
"STATE": "PUBLIC",
"TITLE": "Apache Subversion SVN authz protected copyfrom paths regression"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Subversion",
"version": {
"version_data": [
{
"version_value": "1.10.0 to 1.14.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Subversion would like to thank Evgeny Kotkov, visualsvn.com."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal \u0027copyfrom\u0027 paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the \u0027copyfrom\u0027 path of the original. This also reveals the fact that the node was copied. Only the \u0027copyfrom\u0027 path is revealed; not its contents. Both httpd and svnserve servers are vulnerable."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt",
"refsource": "MISC",
"url": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt"
},
{
"name": "DSA-5119",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"name": "FEDORA-2022-13cc09ecf2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"name": "FEDORA-2022-2af658b090",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"name": "https://support.apple.com/kb/HT213345",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-28544",
"datePublished": "2022-04-12T17:50:13",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17525 (GCVE-0-2020-17525)
Vulnerability from cvelistv5 – Published: 2021-03-17 09:20 – Updated: 2025-02-13 16:27- CWE-476 - NULL Pointer Dereference
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Subversion |
Unaffected:
mod_authz_svn 1.10.7
Affected: mod_authz_svn , < 1.14.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:48.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"
},
{
"name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2646-1] subversion security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Subversion",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "unaffected",
"version": "mod_authz_svn 1.10.7"
},
{
"lessThan": "1.14.1",
"status": "affected",
"version": "mod_authz_svn",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thomas \u00c5kesson (simonsoft.se)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Subversion\u0027s mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T14:01:40.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"
},
{
"name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2646-1] subversion security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote unauthenticated denial-of-service in Subversion mod_authz_svn",
"workarounds": [
{
"lang": "en",
"value": "As a workaround, the use of in-repository authz rules files with the AuthzSVNReposRelativeAccessFile can be avoided by switching to an alternative configuration which fetches an authz rules file from the server\u0027s filesystem, rather than from an SVN repository."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-17525",
"STATE": "PUBLIC",
"TITLE": "Remote unauthenticated denial-of-service in Subversion mod_authz_svn"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Subversion",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "mod_authz_svn",
"version_value": "1.14.1"
},
{
"version_affected": "!",
"version_name": "mod_authz_svn",
"version_value": "1.10.7"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thomas \u00c5kesson (simonsoft.se)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Subversion\u0027s mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt",
"refsource": "MISC",
"url": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"
},
{
"name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2646-1] subversion security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "As a workaround, the use of in-repository authz rules files with the AuthzSVNReposRelativeAccessFile can be avoided by switching to an alternative configuration which fetches an authz rules file from the server\u0027s filesystem, rather than from an SVN repository."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-17525",
"datePublished": "2021-03-17T09:20:14.000Z",
"dateReserved": "2020-08-12T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:35.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0203 (GCVE-0-2019-0203)
Vulnerability from cvelistv5 – Published: 2019-09-26 15:59 – Updated: 2024-08-04 17:44- Denial of Service
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Subversion |
Affected:
Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://subversion.apache.org/security/CVE-2019-0203-advisory.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Subversion",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion\u0027s svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T15:59:02",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://subversion.apache.org/security/CVE-2019-0203-advisory.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Subversion",
"version": {
"version_data": [
{
"version_value": "Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion\u0027s svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://subversion.apache.org/security/CVE-2019-0203-advisory.txt",
"refsource": "MISC",
"url": "http://subversion.apache.org/security/CVE-2019-0203-advisory.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-0203",
"datePublished": "2019-09-26T15:59:02",
"dateReserved": "2018-11-14T00:00:00",
"dateUpdated": "2024-08-04T17:44:14.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46901 (GCVE-0-2024-46901)
Vulnerability from nvd – Published: 2024-12-09 09:36 – Updated: 2025-04-13 21:02| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Subversion |
Affected:
0 , ≤ 1.14.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T15:23:08.175468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T15:23:24.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-13T21:02:57.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Subversion",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.14.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "HaoZi, WordPress China"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.\u003cbr\u003e\u003cbr\u003eAll versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.\u003cbr\u003e\u003cbr\u003eRepositories served via other access methods are not affected."
}
],
"value": "Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.\n\nAll versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.\n\nRepositories served via other access methods are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T09:36:52.445Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://subversion.apache.org/security/CVE-2024-46901-advisory.txt"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Subversion: mod_dav_svn denial-of-service via control characters in paths",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-46901",
"datePublished": "2024-12-09T09:36:52.445Z",
"dateReserved": "2024-09-13T04:50:02.877Z",
"dateUpdated": "2025-04-13T21:02:57.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45720 (GCVE-0-2024-45720)
Vulnerability from nvd – Published: 2024-10-09 12:38 – Updated: 2024-10-09 13:27- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Subversion |
Affected:
1.0.0 , ≤ 1.14.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-09T13:07:31.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/08/3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "subversion",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.14.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T13:20:38.607682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:27:02.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Subversion",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.14.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Orange Tsai (@orange_8361) from DEVCORE Research Team"
},
{
"lang": "en",
"type": "finder",
"value": "splitline (@_splitline_) from DEVCORE Research Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On Windows platforms, a \"best fit\" character encoding conversion of command line arguments to Subversion\u0027s executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed.\u003cbr\u003e\u003cbr\u003eAll versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue.\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003eSubversion is not affected on UNIX-like platforms.\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "On Windows platforms, a \"best fit\" character encoding conversion of command line arguments to Subversion\u0027s executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed.\n\nAll versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue.\n\nSubversion is not affected on UNIX-like platforms."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T12:38:28.971Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://subversion.apache.org/security/CVE-2024-45720-advisory.txt"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Subversion: Command line argument injection on Windows platforms",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-45720",
"datePublished": "2024-10-09T12:38:28.971Z",
"dateReserved": "2024-09-05T11:42:42.423Z",
"dateUpdated": "2024-10-09T13:27:02.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24070 (GCVE-0-2022-24070)
Vulnerability from nvd – Published: 2022-04-12 17:50 – Updated: 2024-08-03 03:59- CWE-416 - Use After Free
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Subversion |
Affected:
1.10.0 to 1.14.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/SVN-4880"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"
},
{
"name": "DSA-5119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"name": "FEDORA-2022-13cc09ecf2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"name": "FEDORA-2022-2af658b090",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Subversion",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.10.0 to 1.14.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Subversion would like to thank Thomas Wei\u00dfschuh, cis-solutions.eu."
}
],
"descriptions": [
{
"lang": "en",
"value": "Subversion\u0027s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T05:06:35",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.apache.org/jira/browse/SVN-4880"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"
},
{
"name": "DSA-5119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"name": "FEDORA-2022-13cc09ecf2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"name": "FEDORA-2022-2af658b090",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Subversion mod_dav_svn is vulnerable to memory corruption",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-24070",
"STATE": "PUBLIC",
"TITLE": "Apache Subversion mod_dav_svn is vulnerable to memory corruption"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Subversion",
"version": {
"version_data": [
{
"version_value": "1.10.0 to 1.14.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Subversion would like to thank Thomas Wei\u00dfschuh, cis-solutions.eu."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Subversion\u0027s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/SVN-4880",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/SVN-4880"
},
{
"name": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861",
"refsource": "MISC",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"
},
{
"name": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife",
"refsource": "MISC",
"url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"
},
{
"name": "DSA-5119",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"name": "FEDORA-2022-13cc09ecf2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"name": "FEDORA-2022-2af658b090",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"name": "https://support.apple.com/kb/HT213345",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-24070",
"datePublished": "2022-04-12T17:50:14",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28544 (GCVE-0-2021-28544)
Vulnerability from nvd – Published: 2022-04-12 17:50 – Updated: 2024-08-03 21:47- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Subversion |
Affected:
1.10.0 to 1.14.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt"
},
{
"name": "DSA-5119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"name": "FEDORA-2022-13cc09ecf2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"name": "FEDORA-2022-2af658b090",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Subversion",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.10.0 to 1.14.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Subversion would like to thank Evgeny Kotkov, visualsvn.com."
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal \u0027copyfrom\u0027 paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the \u0027copyfrom\u0027 path of the original. This also reveals the fact that the node was copied. Only the \u0027copyfrom\u0027 path is revealed; not its contents. Both httpd and svnserve servers are vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-20T13:11:27.211Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt"
},
{
"name": "DSA-5119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"name": "FEDORA-2022-13cc09ecf2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"name": "FEDORA-2022-2af658b090",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Subversion SVN authz protected copyfrom paths regression",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-28544",
"STATE": "PUBLIC",
"TITLE": "Apache Subversion SVN authz protected copyfrom paths regression"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Subversion",
"version": {
"version_data": [
{
"version_value": "1.10.0 to 1.14.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Subversion would like to thank Evgeny Kotkov, visualsvn.com."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal \u0027copyfrom\u0027 paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the \u0027copyfrom\u0027 path of the original. This also reveals the fact that the node was copied. Only the \u0027copyfrom\u0027 path is revealed; not its contents. Both httpd and svnserve servers are vulnerable."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt",
"refsource": "MISC",
"url": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt"
},
{
"name": "DSA-5119",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"name": "FEDORA-2022-13cc09ecf2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/"
},
{
"name": "FEDORA-2022-2af658b090",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"name": "https://support.apple.com/kb/HT213345",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-28544",
"datePublished": "2022-04-12T17:50:13",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17525 (GCVE-0-2020-17525)
Vulnerability from nvd – Published: 2021-03-17 09:20 – Updated: 2025-02-13 16:27- CWE-476 - NULL Pointer Dereference
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Subversion |
Unaffected:
mod_authz_svn 1.10.7
Affected: mod_authz_svn , < 1.14.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:48.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"
},
{
"name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2646-1] subversion security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Subversion",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "unaffected",
"version": "mod_authz_svn 1.10.7"
},
{
"lessThan": "1.14.1",
"status": "affected",
"version": "mod_authz_svn",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thomas \u00c5kesson (simonsoft.se)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Subversion\u0027s mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T14:01:40.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"
},
{
"name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2646-1] subversion security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote unauthenticated denial-of-service in Subversion mod_authz_svn",
"workarounds": [
{
"lang": "en",
"value": "As a workaround, the use of in-repository authz rules files with the AuthzSVNReposRelativeAccessFile can be avoided by switching to an alternative configuration which fetches an authz rules file from the server\u0027s filesystem, rather than from an SVN repository."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-17525",
"STATE": "PUBLIC",
"TITLE": "Remote unauthenticated denial-of-service in Subversion mod_authz_svn"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Subversion",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "mod_authz_svn",
"version_value": "1.14.1"
},
{
"version_affected": "!",
"version_name": "mod_authz_svn",
"version_value": "1.10.7"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thomas \u00c5kesson (simonsoft.se)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Subversion\u0027s mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt",
"refsource": "MISC",
"url": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"
},
{
"name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2646-1] subversion security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "As a workaround, the use of in-repository authz rules files with the AuthzSVNReposRelativeAccessFile can be avoided by switching to an alternative configuration which fetches an authz rules file from the server\u0027s filesystem, rather than from an SVN repository."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-17525",
"datePublished": "2021-03-17T09:20:14.000Z",
"dateReserved": "2020-08-12T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:35.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201504-0060
Vulnerability from variot - Updated: 2024-07-23 21:45The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. Subversion of mod_dav_svn The server svn:author A vulnerability exists that spoofs properties. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. Successful exploits will allow an attacker to bypass certain security restrictions and perform unauthorized actions. Apache Subversion is an open source version control system developed by the Apache Software Foundation, which is compatible with the Concurrent Versions System (CVS).
For the stable distribution (wheezy), these problems have been fixed in version 1.6.17dfsg-4+deb7u9.
For the upcoming stable distribution (jessie), these problems have been fixed in version 1.8.10-6.
For the unstable distribution (sid), these problems have been fixed in version 1.8.10-6. ============================================================================ Ubuntu Security Notice USN-2721-1 August 20, 2015
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description: - subversion: Advanced version control system
Details:
It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580)
It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108)
Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)
Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. (CVE-2015-0251)
C. Michael Pilato discovered that the Subversion mod_dav_svn module incorrectly restricted anonymous access. A remote attacker could use this issue to read hidden files via the path name. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)
C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. A remote attacker could use this issue to obtain sensitive path information. (CVE-2015-3187)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: libapache2-svn 1.8.10-5ubuntu1.1 libsvn1 1.8.10-5ubuntu1.1 subversion 1.8.10-5ubuntu1.1
Ubuntu 14.04 LTS: libapache2-svn 1.8.8-1ubuntu3.2 libsvn1 1.8.8-1ubuntu3.2 subversion 1.8.8-1ubuntu3.2
Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.5 libsvn1 1.6.17dfsg-3ubuntu3.5 subversion 1.6.17dfsg-3ubuntu3.5
In general, a standard system update will make all the necessary changes.
The updated packages have been upgraded to the 1.7.20 and 1.8.13 versions where these security flaws has been fixed. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:1633-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1633.html Issue date: 2015-08-17 CVE Names: CVE-2015-0248 CVE-2015-0251 CVE-2015-3187 =====================================================================
- Summary:
Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
- Description:
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.
An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248)
It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251)
It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187)
Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3187.
All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1205138 - CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers 1205140 - CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions 1247252 - CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
- Package List:
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: subversion-1.6.11-15.el6_7.src.rpm
i386: mod_dav_svn-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm
noarch: subversion-svn2cl-1.6.11-15.el6_7.noarch.rpm
x86_64: mod_dav_svn-1.6.11-15.el6_7.x86_64.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.x86_64.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.x86_64.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.x86_64.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.x86_64.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.x86_64.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.x86_64.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm subversion-ruby-1.6.11-15.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: subversion-1.6.11-15.el6_7.src.rpm
noarch: subversion-svn2cl-1.6.11-15.el6_7.noarch.rpm
x86_64: mod_dav_svn-1.6.11-15.el6_7.x86_64.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.x86_64.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.x86_64.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.x86_64.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.x86_64.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.x86_64.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.x86_64.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm subversion-ruby-1.6.11-15.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: subversion-1.6.11-15.el6_7.src.rpm
i386: mod_dav_svn-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm
ppc64: mod_dav_svn-1.6.11-15.el6_7.ppc64.rpm subversion-1.6.11-15.el6_7.ppc.rpm subversion-1.6.11-15.el6_7.ppc64.rpm subversion-debuginfo-1.6.11-15.el6_7.ppc.rpm subversion-debuginfo-1.6.11-15.el6_7.ppc64.rpm
s390x: mod_dav_svn-1.6.11-15.el6_7.s390x.rpm subversion-1.6.11-15.el6_7.s390.rpm subversion-1.6.11-15.el6_7.s390x.rpm subversion-debuginfo-1.6.11-15.el6_7.s390.rpm subversion-debuginfo-1.6.11-15.el6_7.s390x.rpm
x86_64: mod_dav_svn-1.6.11-15.el6_7.x86_64.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.x86_64.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm
noarch: subversion-svn2cl-1.6.11-15.el6_7.noarch.rpm
ppc64: subversion-debuginfo-1.6.11-15.el6_7.ppc.rpm subversion-debuginfo-1.6.11-15.el6_7.ppc64.rpm subversion-devel-1.6.11-15.el6_7.ppc.rpm subversion-devel-1.6.11-15.el6_7.ppc64.rpm subversion-gnome-1.6.11-15.el6_7.ppc.rpm subversion-gnome-1.6.11-15.el6_7.ppc64.rpm subversion-javahl-1.6.11-15.el6_7.ppc.rpm subversion-javahl-1.6.11-15.el6_7.ppc64.rpm subversion-kde-1.6.11-15.el6_7.ppc.rpm subversion-kde-1.6.11-15.el6_7.ppc64.rpm subversion-perl-1.6.11-15.el6_7.ppc.rpm subversion-perl-1.6.11-15.el6_7.ppc64.rpm subversion-ruby-1.6.11-15.el6_7.ppc.rpm subversion-ruby-1.6.11-15.el6_7.ppc64.rpm
s390x: subversion-debuginfo-1.6.11-15.el6_7.s390.rpm subversion-debuginfo-1.6.11-15.el6_7.s390x.rpm subversion-devel-1.6.11-15.el6_7.s390.rpm subversion-devel-1.6.11-15.el6_7.s390x.rpm subversion-gnome-1.6.11-15.el6_7.s390.rpm subversion-gnome-1.6.11-15.el6_7.s390x.rpm subversion-javahl-1.6.11-15.el6_7.s390.rpm subversion-javahl-1.6.11-15.el6_7.s390x.rpm subversion-kde-1.6.11-15.el6_7.s390.rpm subversion-kde-1.6.11-15.el6_7.s390x.rpm subversion-perl-1.6.11-15.el6_7.s390.rpm subversion-perl-1.6.11-15.el6_7.s390x.rpm subversion-ruby-1.6.11-15.el6_7.s390.rpm subversion-ruby-1.6.11-15.el6_7.s390x.rpm
x86_64: subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.x86_64.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.x86_64.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.x86_64.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.x86_64.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm subversion-ruby-1.6.11-15.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: subversion-1.6.11-15.el6_7.src.rpm
i386: mod_dav_svn-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm
x86_64: mod_dav_svn-1.6.11-15.el6_7.x86_64.rpm subversion-1.6.11-15.el6_7.i686.rpm subversion-1.6.11-15.el6_7.x86_64.rpm subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm subversion-javahl-1.6.11-15.el6_7.i686.rpm subversion-javahl-1.6.11-15.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm
noarch: subversion-svn2cl-1.6.11-15.el6_7.noarch.rpm
x86_64: subversion-debuginfo-1.6.11-15.el6_7.i686.rpm subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm subversion-devel-1.6.11-15.el6_7.i686.rpm subversion-devel-1.6.11-15.el6_7.x86_64.rpm subversion-gnome-1.6.11-15.el6_7.i686.rpm subversion-gnome-1.6.11-15.el6_7.x86_64.rpm subversion-kde-1.6.11-15.el6_7.i686.rpm subversion-kde-1.6.11-15.el6_7.x86_64.rpm subversion-perl-1.6.11-15.el6_7.i686.rpm subversion-perl-1.6.11-15.el6_7.x86_64.rpm subversion-ruby-1.6.11-15.el6_7.i686.rpm subversion-ruby-1.6.11-15.el6_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-0248 https://access.redhat.com/security/cve/CVE-2015-0251 https://access.redhat.com/security/cve/CVE-2015-3187 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2015-0248-advisory.txt https://subversion.apache.org/security/CVE-2015-0251-advisory.txt https://subversion.apache.org/security/CVE-2015-3187-advisory.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFV0ZdjXlSAg2UNWIIRAnuxAJ9x321584dqBcuC2zx8/MmY7CjX1wCgteOU b/tq4pUgkKKPnsFd82A6lMc= =lxDG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Summary:
Subversion's mod_dav_svn server allows setting arbitrary svn:author property values when committing new revisions. This can be accomplished using a specially crafted sequence of requests. An evil-doer can fake svn:author values on his commits. However, as authorization rules are applied to the evil-doer's true username, forged svn:author values can only happen on commits that touch the paths the evil-doer has write access to.
Doing so does not grant any additional access and does not circumvent the standard Apache authentication or authorization mechanisms. Still, an ability to spoof svn:author property values can impact data integrity in environments that rely on these values.
There are no known instances of the problem being exploited in the wild, but an exploit has been tested.
Known vulnerable:
Subversion HTTPD servers 1.5.0 through 1.7.19 (inclusive) Subversion HTTPD servers 1.8.0 through 1.8.11 (inclusive)
Known fixed:
Subversion 1.7.20 Subversion 1.8.13 svnserve (any version) is not vulnerable
Subversion 1.8.12 was not publicly released.
Details:
The Subversion http://-based protocol used for communicating with a Subversion mod_dav_svn server has two versions, v1 and v2. When a commit happens, the client sends a sequence of requests (POST, PUT, MERGE, etc.) that depend on the negotiated protocol version.
Usually, a server uses the name of the authenticated user as the svn:author value for a new revision. In this case, the server will use an arbitrary value coming from the client instead of the svn:author value originating from the authentication mechanism.
An attacker needs to have commit access to the repository to exploit the vulnerability. The ability to spoof svn:author property values can impact data integrity in environments that expect the values to denote the actual commit author. The real ID of the author could still be determined using server access logs. However, it is also possible that a spoofed change could go in unnoticed.
Subversion's repository hooks might see the real ID of the author or the forged value, depending on the hook type and the hook contents:
- A start-commit hook will see the real username in the USER argument
- A start-commit hook will see the real username when performing 'svnlook propget --revprop -t TXN_NAME'
- A pre-commit hook will see the forged username when performing 'svnlook propget --revprop -t TXN_NAME'
- A post-commit hook will see the forged username when performing 'svnlook propget --revprop -r REV'
Unfortunately, no special configuration is required and all mod_dav_svn servers are vulnerable.
New Subversion packages can be found at: http://subversion.apache.org/packages.html
No workaround is available.
References:
CVE-2015-0251 (Subversion)
Reported by:
Bruno Luiz, d4t
Patches:
Patch against 1.7.19: [[[ Index: subversion/mod_dav_svn/deadprops.c =================================================================== --- subversion/mod_dav_svn/deadprops.c (revision 1660122) +++ subversion/mod_dav_svn/deadprops.c (working copy) @@ -160,6 +160,23 @@ get_value(dav_db db, const dav_prop_name name, s }
+static svn_error_t * +change_txn_prop(svn_fs_txn_t txn, + const char propname, + const svn_string_t value, + apr_pool_t scratch_pool) +{ + if (strcmp(propname, SVN_PROP_REVISION_AUTHOR) == 0) + return svn_error_create(SVN_ERR_RA_DAV_REQUEST_FAILED, NULL, + "Attempted to modify 'svn:author' property " + "on a transaction"); + + SVN_ERR(svn_repos_fs_change_txn_prop(txn, propname, value, scratch_pool)); + + return SVN_NO_ERROR; +} + + static dav_error * save_value(dav_db db, const dav_prop_name name, const svn_string_t const old_value_p, @@ -210,9 +227,8 @@ save_value(dav_db db, const dav_prop_name name, { if (db->resource->working) { - serr = svn_repos_fs_change_txn_prop(resource->info->root.txn, - propname, value, - subpool); + serr = change_txn_prop(resource->info->root.txn, propname, + value, subpool); } else { @@ -251,8 +267,8 @@ save_value(dav_db db, const dav_prop_name name, } else if (resource->info->restype == DAV_SVN_RESTYPE_TXN_COLLECTION) { - serr = svn_repos_fs_change_txn_prop(resource->info->root.txn, - propname, value, subpool); + serr = change_txn_prop(resource->info->root.txn, propname, + value, subpool); } else { @@ -561,8 +577,8 @@ db_remove(dav_db db, const dav_prop_name name) / Working Baseline or Working (Version) Resource / if (db->resource->baselined) if (db->resource->working) - serr = svn_repos_fs_change_txn_prop(db->resource->info->root.txn, - propname, NULL, subpool); + serr = change_txn_prop(db->resource->info->root.txn, propname, + NULL, subpool); else /* ### VIOLATING deltaV: you can't proppatch a baseline, it's not a working resource! But this is how we currently ]]]
Patch against 1.8.11: [[[ Index: subversion/mod_dav_svn/deadprops.c =================================================================== --- subversion/mod_dav_svn/deadprops.c (revision 1660122) +++ subversion/mod_dav_svn/deadprops.c (working copy) @@ -163,6 +163,23 @@ get_value(dav_db db, const dav_prop_name name, s }
+static svn_error_t * +change_txn_prop(svn_fs_txn_t txn, + const char propname, + const svn_string_t value, + apr_pool_t scratch_pool) +{ + if (strcmp(propname, SVN_PROP_REVISION_AUTHOR) == 0) + return svn_error_create(SVN_ERR_RA_DAV_REQUEST_FAILED, NULL, + "Attempted to modify 'svn:author' property " + "on a transaction"); + + SVN_ERR(svn_repos_fs_change_txn_prop(txn, propname, value, scratch_pool)); + + return SVN_NO_ERROR; +} + + static dav_error * save_value(dav_db db, const dav_prop_name name, const svn_string_t const old_value_p, @@ -213,9 +230,8 @@ save_value(dav_db db, const dav_prop_name name, { if (resource->working) { - serr = svn_repos_fs_change_txn_prop(resource->info->root.txn, - propname, value, - subpool); + serr = change_txn_prop(resource->info->root.txn, propname, + value, subpool); } else { @@ -254,8 +270,8 @@ save_value(dav_db db, const dav_prop_name name, } else if (resource->info->restype == DAV_SVN_RESTYPE_TXN_COLLECTION) { - serr = svn_repos_fs_change_txn_prop(resource->info->root.txn, - propname, value, subpool); + serr = change_txn_prop(resource->info->root.txn, propname, + value, subpool); } else { @@ -560,8 +576,8 @@ db_remove(dav_db db, const dav_prop_name name) / Working Baseline or Working (Version) Resource / if (db->resource->baselined) if (db->resource->working) - serr = svn_repos_fs_change_txn_prop(db->resource->info->root.txn, - propname, NULL, subpool); + serr = change_txn_prop(db->resource->info->root.txn, propname, + NULL, subpool); else /* ### VIOLATING deltaV: you can't proppatch a baseline, it's not a working resource! But this is how we currently ]]]
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-09-16-2 Xcode 7.0
Xcode 7.0 is now available and addresses the following:
DevTools Available for: OS X Yosemite v10.10.4 or later Impact: An attacker may be able to bypass access restrictions Description: An API issue existed in the apache configuration. CVE-ID CVE-2015-3185 : Branko Aibej of the Apache Software Foundation
IDE Xcode Server Available for: OS X Yosemite 10.10 or later Impact: An attacker may be able to access restricted parts of the filesystem Description: A comparison issue existed in the node.js send module prior to version 0.8.4. This issue was addressed by upgrading to version 0.12.3. CVE-ID CVE-2014-6394 : Ilya Kantor
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilties in OpenSSL Description: Multiple vulnerabilties existed in the node.js OpenSSL module prior to version 1.0.1j. These issues were addressed by updating openssl to version 1.0.1j. CVE-ID CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: An attacker with a privileged network position may be able to inspect traffic to Xcode Server Description: Connections to Xcode Server may have been made without encryption. This issue was addressed through improved network connection logic. CVE-ID CVE-2015-5910 : an anonymous researcher
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Build notifications may be sent to unintended recipients Description: An access issue existed in the handling of repository email lists. This issue was addressed through improved validation. CVE-ID CVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of Anchorfree
subversion Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities existed in svn versions prior to 1.7.19 Description: Multiple vulnerabilities existed in svn versions prior to 1.7.19. These issues were addressed by updating svn to version 1.7.20. CVE-ID CVE-2015-0248 CVE-2015-0251
Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "7.0".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJV+axlAAoJEBcWfLTuOo7tzuMQAJhCQaeClT0rDozh+WlKgM6f X86xFeXLJ1gjlPKH183Bvm2gTW0m5kQuoNK1grarMB+rEeb8mPsOczwrIJisxVlr 5zkW/7JktHcsBU5vUa4j4T/CEJjp92VPZ4ub3k3eQOrhinn4E86uKcMxrYoQOAE0 YFMSDaPBFy+LIJ08ROB/AH8fkGJMLRCRAp43IGgzNuxCDx9jzW97m1dh86mR1CxP GdhWRvN7T5YqXyJTw6pZbEHtVXjty8appe2ScvHByCRxa4gZq+/JinHInLjaB4p7 3o58rAWh7lDhcEi3HqkIu0YW6fLslPydCHTI4cH1PCHTuevNjjvK34IqMbD0jG/t tO+vQFhwXpD5chsSB2oP2zLOWAJ7BA5uwvArkJhGKKzQ5DEI0soLBWG7Koe3RitO HokIMyx0r+sf4YD+OP4RVPU9bU4FpayXZnECmHzWmK2vguihbIzjxq+Knvx7aiF9 js1Qn0DxT2puVYdhixtkvYKT7r8XRjI8MPLEwS+tX1Yg1Lqhz2G1MR6mO9iBW56L g5deOuCVc56qeaobuUK0clvdFYtyd5jIXgh0zspZ4ssCbbdCOTZUQaG1mBGkIf3R JgWTX8ny1Fdk9om3dmZVWUCzzqxJR/tm5M7kjGc425ZGaoBRWLga1VIjNz7MEfKS YMBNmqt6weEewNqyDMnX =SGgX -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0060",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.5.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.7.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.7.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.7.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.7.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.7.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.7.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.7.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.7.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.23"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.21"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.20"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.6"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7.z"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.5.0 to 1.7.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.0 to 1.8.11"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.0 (os x yosemite v10.10.4 or later )"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "15.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.4.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.5"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.22"
},
{
"model": "xcode",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.8.13"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.20"
}
],
"sources": [
{
"db": "BID",
"id": "74259"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002130"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-100"
},
{
"db": "NVD",
"id": "CVE-2015-0251"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0251"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Zhakov, VisualSVN",
"sources": [
{
"db": "BID",
"id": "74259"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0251",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-0251",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-78197",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0251",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-100",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78197",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0251",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78197"
},
{
"db": "VULMON",
"id": "CVE-2015-0251"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002130"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-100"
},
{
"db": "NVD",
"id": "CVE-2015-0251"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. Subversion of mod_dav_svn The server svn:author A vulnerability exists that spoofs properties. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. \nSuccessful exploits will allow an attacker to bypass certain security restrictions and perform unauthorized actions. Apache Subversion is an open source version control system developed by the Apache Software Foundation, which is compatible with the Concurrent Versions System (CVS). \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.6.17dfsg-4+deb7u9. \n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.8.10-6. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.10-6. ============================================================================\nUbuntu Security Notice USN-2721-1\nAugust 20, 2015\n\nsubversion vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly\nhandled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2014-3580)\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly\nhandled requests requiring a lookup for a virtual transaction name that\ndoes not exist. This issue only affected Ubuntu\n14.04 LTS. (CVE-2014-8108)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly\nhandled large numbers of REPORT requests. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve\nmodules incorrectly certain crafted parameter combinations. (CVE-2015-0251)\n\nC. Michael Pilato discovered that the Subversion mod_dav_svn module\nincorrectly restricted anonymous access. A remote attacker could use this\nissue to read hidden files via the path name. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)\n\nC. Michael Pilato discovered that Subversion incorrectly handled path-based\nauthorization. A remote attacker could use this issue to obtain sensitive\npath information. (CVE-2015-3187)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n libapache2-svn 1.8.10-5ubuntu1.1\n libsvn1 1.8.10-5ubuntu1.1\n subversion 1.8.10-5ubuntu1.1\n\nUbuntu 14.04 LTS:\n libapache2-svn 1.8.8-1ubuntu3.2\n libsvn1 1.8.8-1ubuntu3.2\n subversion 1.8.8-1ubuntu3.2\n\nUbuntu 12.04 LTS:\n libapache2-svn 1.6.17dfsg-3ubuntu3.5\n libsvn1 1.6.17dfsg-3ubuntu3.5\n subversion 1.6.17dfsg-3ubuntu3.5\n\nIn general, a standard system update will make all the necessary changes. \n \n The updated packages have been upgraded to the 1.7.20 and 1.8.13\n versions where these security flaws has been fixed. The verification\n of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: subversion security update\nAdvisory ID: RHSA-2015:1633-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1633.html\nIssue date: 2015-08-17\nCVE Names: CVE-2015-0248 CVE-2015-0251 CVE-2015-3187 \n=====================================================================\n\n1. Summary:\n\nUpdated subversion packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\n\n3. Description:\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. \nThe mod_dav_svn module is used with the Apache HTTP Server to allow access\nto Subversion repositories via HTTP. \n\nAn assertion failure flaw was found in the way the SVN server processed\ncertain requests with dynamically evaluated revision numbers. A remote\nattacker could use this flaw to cause the SVN server (both svnserve and\nhttpd with the mod_dav_svn module) to crash. (CVE-2015-0248)\n\nIt was found that the mod_dav_svn module did not properly validate the\nsvn:author property of certain requests. An attacker able to create new\nrevisions could use this flaw to spoof the svn:author property. \n(CVE-2015-0251)\n\nIt was found that when an SVN server (both svnserve and httpd with the\nmod_dav_svn module) searched the history of a file or a directory, it would\ndisclose its location in the repository if that file or directory was not\nreadable (for example, if it had been moved). (CVE-2015-3187)\n\nRed Hat would like to thank the Apache Software Foundation for reporting\nthese issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the\noriginal reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato\nof CollabNet as the original reporter of CVE-2015-3187. \n\nAll subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, for the update to take effect, you must restart the httpd\ndaemon, if you are using mod_dav_svn, and the svnserve daemon, if you are\nserving Subversion repositories via the svn:// protocol. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1205138 - CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers\n1205140 - CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions\n1247252 - CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nsubversion-1.6.11-15.el6_7.src.rpm\n\ni386:\nmod_dav_svn-1.6.11-15.el6_7.i686.rpm\nsubversion-1.6.11-15.el6_7.i686.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.i686.rpm\nsubversion-devel-1.6.11-15.el6_7.i686.rpm\nsubversion-gnome-1.6.11-15.el6_7.i686.rpm\nsubversion-javahl-1.6.11-15.el6_7.i686.rpm\nsubversion-kde-1.6.11-15.el6_7.i686.rpm\nsubversion-perl-1.6.11-15.el6_7.i686.rpm\nsubversion-ruby-1.6.11-15.el6_7.i686.rpm\n\nnoarch:\nsubversion-svn2cl-1.6.11-15.el6_7.noarch.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-15.el6_7.x86_64.rpm\nsubversion-1.6.11-15.el6_7.i686.rpm\nsubversion-1.6.11-15.el6_7.x86_64.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.i686.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm\nsubversion-devel-1.6.11-15.el6_7.i686.rpm\nsubversion-devel-1.6.11-15.el6_7.x86_64.rpm\nsubversion-gnome-1.6.11-15.el6_7.i686.rpm\nsubversion-gnome-1.6.11-15.el6_7.x86_64.rpm\nsubversion-javahl-1.6.11-15.el6_7.i686.rpm\nsubversion-javahl-1.6.11-15.el6_7.x86_64.rpm\nsubversion-kde-1.6.11-15.el6_7.i686.rpm\nsubversion-kde-1.6.11-15.el6_7.x86_64.rpm\nsubversion-perl-1.6.11-15.el6_7.i686.rpm\nsubversion-perl-1.6.11-15.el6_7.x86_64.rpm\nsubversion-ruby-1.6.11-15.el6_7.i686.rpm\nsubversion-ruby-1.6.11-15.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nsubversion-1.6.11-15.el6_7.src.rpm\n\nnoarch:\nsubversion-svn2cl-1.6.11-15.el6_7.noarch.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-15.el6_7.x86_64.rpm\nsubversion-1.6.11-15.el6_7.i686.rpm\nsubversion-1.6.11-15.el6_7.x86_64.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.i686.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm\nsubversion-devel-1.6.11-15.el6_7.i686.rpm\nsubversion-devel-1.6.11-15.el6_7.x86_64.rpm\nsubversion-gnome-1.6.11-15.el6_7.i686.rpm\nsubversion-gnome-1.6.11-15.el6_7.x86_64.rpm\nsubversion-javahl-1.6.11-15.el6_7.i686.rpm\nsubversion-javahl-1.6.11-15.el6_7.x86_64.rpm\nsubversion-kde-1.6.11-15.el6_7.i686.rpm\nsubversion-kde-1.6.11-15.el6_7.x86_64.rpm\nsubversion-perl-1.6.11-15.el6_7.i686.rpm\nsubversion-perl-1.6.11-15.el6_7.x86_64.rpm\nsubversion-ruby-1.6.11-15.el6_7.i686.rpm\nsubversion-ruby-1.6.11-15.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nsubversion-1.6.11-15.el6_7.src.rpm\n\ni386:\nmod_dav_svn-1.6.11-15.el6_7.i686.rpm\nsubversion-1.6.11-15.el6_7.i686.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.i686.rpm\nsubversion-javahl-1.6.11-15.el6_7.i686.rpm\n\nppc64:\nmod_dav_svn-1.6.11-15.el6_7.ppc64.rpm\nsubversion-1.6.11-15.el6_7.ppc.rpm\nsubversion-1.6.11-15.el6_7.ppc64.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.ppc.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.ppc64.rpm\n\ns390x:\nmod_dav_svn-1.6.11-15.el6_7.s390x.rpm\nsubversion-1.6.11-15.el6_7.s390.rpm\nsubversion-1.6.11-15.el6_7.s390x.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.s390.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.s390x.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-15.el6_7.x86_64.rpm\nsubversion-1.6.11-15.el6_7.i686.rpm\nsubversion-1.6.11-15.el6_7.x86_64.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.i686.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm\nsubversion-javahl-1.6.11-15.el6_7.i686.rpm\nsubversion-javahl-1.6.11-15.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nsubversion-debuginfo-1.6.11-15.el6_7.i686.rpm\nsubversion-devel-1.6.11-15.el6_7.i686.rpm\nsubversion-gnome-1.6.11-15.el6_7.i686.rpm\nsubversion-kde-1.6.11-15.el6_7.i686.rpm\nsubversion-perl-1.6.11-15.el6_7.i686.rpm\nsubversion-ruby-1.6.11-15.el6_7.i686.rpm\n\nnoarch:\nsubversion-svn2cl-1.6.11-15.el6_7.noarch.rpm\n\nppc64:\nsubversion-debuginfo-1.6.11-15.el6_7.ppc.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.ppc64.rpm\nsubversion-devel-1.6.11-15.el6_7.ppc.rpm\nsubversion-devel-1.6.11-15.el6_7.ppc64.rpm\nsubversion-gnome-1.6.11-15.el6_7.ppc.rpm\nsubversion-gnome-1.6.11-15.el6_7.ppc64.rpm\nsubversion-javahl-1.6.11-15.el6_7.ppc.rpm\nsubversion-javahl-1.6.11-15.el6_7.ppc64.rpm\nsubversion-kde-1.6.11-15.el6_7.ppc.rpm\nsubversion-kde-1.6.11-15.el6_7.ppc64.rpm\nsubversion-perl-1.6.11-15.el6_7.ppc.rpm\nsubversion-perl-1.6.11-15.el6_7.ppc64.rpm\nsubversion-ruby-1.6.11-15.el6_7.ppc.rpm\nsubversion-ruby-1.6.11-15.el6_7.ppc64.rpm\n\ns390x:\nsubversion-debuginfo-1.6.11-15.el6_7.s390.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.s390x.rpm\nsubversion-devel-1.6.11-15.el6_7.s390.rpm\nsubversion-devel-1.6.11-15.el6_7.s390x.rpm\nsubversion-gnome-1.6.11-15.el6_7.s390.rpm\nsubversion-gnome-1.6.11-15.el6_7.s390x.rpm\nsubversion-javahl-1.6.11-15.el6_7.s390.rpm\nsubversion-javahl-1.6.11-15.el6_7.s390x.rpm\nsubversion-kde-1.6.11-15.el6_7.s390.rpm\nsubversion-kde-1.6.11-15.el6_7.s390x.rpm\nsubversion-perl-1.6.11-15.el6_7.s390.rpm\nsubversion-perl-1.6.11-15.el6_7.s390x.rpm\nsubversion-ruby-1.6.11-15.el6_7.s390.rpm\nsubversion-ruby-1.6.11-15.el6_7.s390x.rpm\n\nx86_64:\nsubversion-debuginfo-1.6.11-15.el6_7.i686.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm\nsubversion-devel-1.6.11-15.el6_7.i686.rpm\nsubversion-devel-1.6.11-15.el6_7.x86_64.rpm\nsubversion-gnome-1.6.11-15.el6_7.i686.rpm\nsubversion-gnome-1.6.11-15.el6_7.x86_64.rpm\nsubversion-kde-1.6.11-15.el6_7.i686.rpm\nsubversion-kde-1.6.11-15.el6_7.x86_64.rpm\nsubversion-perl-1.6.11-15.el6_7.i686.rpm\nsubversion-perl-1.6.11-15.el6_7.x86_64.rpm\nsubversion-ruby-1.6.11-15.el6_7.i686.rpm\nsubversion-ruby-1.6.11-15.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nsubversion-1.6.11-15.el6_7.src.rpm\n\ni386:\nmod_dav_svn-1.6.11-15.el6_7.i686.rpm\nsubversion-1.6.11-15.el6_7.i686.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.i686.rpm\nsubversion-javahl-1.6.11-15.el6_7.i686.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-15.el6_7.x86_64.rpm\nsubversion-1.6.11-15.el6_7.i686.rpm\nsubversion-1.6.11-15.el6_7.x86_64.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.i686.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm\nsubversion-javahl-1.6.11-15.el6_7.i686.rpm\nsubversion-javahl-1.6.11-15.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nsubversion-debuginfo-1.6.11-15.el6_7.i686.rpm\nsubversion-devel-1.6.11-15.el6_7.i686.rpm\nsubversion-gnome-1.6.11-15.el6_7.i686.rpm\nsubversion-kde-1.6.11-15.el6_7.i686.rpm\nsubversion-perl-1.6.11-15.el6_7.i686.rpm\nsubversion-ruby-1.6.11-15.el6_7.i686.rpm\n\nnoarch:\nsubversion-svn2cl-1.6.11-15.el6_7.noarch.rpm\n\nx86_64:\nsubversion-debuginfo-1.6.11-15.el6_7.i686.rpm\nsubversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm\nsubversion-devel-1.6.11-15.el6_7.i686.rpm\nsubversion-devel-1.6.11-15.el6_7.x86_64.rpm\nsubversion-gnome-1.6.11-15.el6_7.i686.rpm\nsubversion-gnome-1.6.11-15.el6_7.x86_64.rpm\nsubversion-kde-1.6.11-15.el6_7.i686.rpm\nsubversion-kde-1.6.11-15.el6_7.x86_64.rpm\nsubversion-perl-1.6.11-15.el6_7.i686.rpm\nsubversion-perl-1.6.11-15.el6_7.x86_64.rpm\nsubversion-ruby-1.6.11-15.el6_7.i686.rpm\nsubversion-ruby-1.6.11-15.el6_7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0248\nhttps://access.redhat.com/security/cve/CVE-2015-0251\nhttps://access.redhat.com/security/cve/CVE-2015-3187\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://subversion.apache.org/security/CVE-2015-0248-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-0251-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-3187-advisory.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFV0ZdjXlSAg2UNWIIRAnuxAJ9x321584dqBcuC2zx8/MmY7CjX1wCgteOU\nb/tq4pUgkKKPnsFd82A6lMc=\n=lxDG\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nSummary:\n========\n\n Subversion\u0027s mod_dav_svn server allows setting arbitrary svn:author\n property values when committing new revisions. This can be accomplished\n using a specially crafted sequence of requests. An evil-doer can fake\n svn:author values on his commits. However, as authorization rules are\n applied to the evil-doer\u0027s true username, forged svn:author values can\n only happen on commits that touch the paths the evil-doer has write\n access to. \n\n Doing so does not grant any additional access and does not circumvent the\n standard Apache authentication or authorization mechanisms. Still, an\n ability to spoof svn:author property values can impact data integrity in\n environments that rely on these values. \n\n There are no known instances of the problem being exploited in the wild,\n but an exploit has been tested. \n\nKnown vulnerable:\n=================\n\n Subversion HTTPD servers 1.5.0 through 1.7.19 (inclusive)\n Subversion HTTPD servers 1.8.0 through 1.8.11 (inclusive)\n\nKnown fixed:\n============\n\n Subversion 1.7.20\n Subversion 1.8.13\n svnserve (any version) is not vulnerable\n\n Subversion 1.8.12 was not publicly released. \n\nDetails:\n========\n\n The Subversion http://-based protocol used for communicating with\n a Subversion mod_dav_svn server has two versions, v1 and v2. When a commit happens, the\n client sends a sequence of requests (POST, PUT, MERGE, etc.) that depend\n on the negotiated protocol version. \n\n Usually, a server uses the name of the authenticated user as the svn:author\n value for a new revision. In this case, the server will use an arbitrary value\n coming from the client instead of the svn:author value originating from\n the authentication mechanism. \n\n An attacker needs to have commit access to the repository to exploit the\n vulnerability. The ability to spoof svn:author property values can impact\n data integrity in environments that expect the values to denote the actual\n commit author. The real ID of the author could still be determined using\n server access logs. However, it is also possible that a spoofed change\n could go in unnoticed. \n\n Subversion\u0027s repository hooks might see the real ID of the author or the\n forged value, depending on the hook type and the hook contents:\n\n - A start-commit hook will see the real username in the USER argument\n - A start-commit hook will see the real username when performing\n \u0027svnlook propget --revprop -t TXN_NAME\u0027\n - A pre-commit hook will see the forged username when performing\n \u0027svnlook propget --revprop -t TXN_NAME\u0027\n - A post-commit hook will see the forged username when performing\n \u0027svnlook propget --revprop -r REV\u0027\n\n Unfortunately, no special configuration is required and all mod_dav_svn\n servers are vulnerable. \n\n New Subversion packages can be found at:\n http://subversion.apache.org/packages.html\n\n No workaround is available. \n\nReferences:\n===========\n\n CVE-2015-0251 (Subversion)\n\nReported by:\n============\n\n Bruno Luiz, d4t\n\nPatches:\n========\n\n Patch against 1.7.19:\n[[[\nIndex: subversion/mod_dav_svn/deadprops.c\n===================================================================\n--- subversion/mod_dav_svn/deadprops.c (revision 1660122)\n+++ subversion/mod_dav_svn/deadprops.c (working copy)\n@@ -160,6 +160,23 @@ get_value(dav_db *db, const dav_prop_name *name, s\n}\n\n\n+static svn_error_t *\n+change_txn_prop(svn_fs_txn_t *txn,\n+ const char *propname,\n+ const svn_string_t *value,\n+ apr_pool_t *scratch_pool)\n+{\n+ if (strcmp(propname, SVN_PROP_REVISION_AUTHOR) == 0)\n+ return svn_error_create(SVN_ERR_RA_DAV_REQUEST_FAILED, NULL,\n+ \"Attempted to modify \u0027svn:author\u0027 property \"\n+ \"on a transaction\");\n+\n+ SVN_ERR(svn_repos_fs_change_txn_prop(txn, propname, value, scratch_pool));\n+\n+ return SVN_NO_ERROR;\n+}\n+\n+\nstatic dav_error *\nsave_value(dav_db *db, const dav_prop_name *name,\n const svn_string_t *const *old_value_p,\n@@ -210,9 +227,8 @@ save_value(dav_db *db, const dav_prop_name *name,\n {\n if (db-\u003eresource-\u003eworking)\n {\n- serr = svn_repos_fs_change_txn_prop(resource-\u003einfo-\u003eroot.txn,\n- propname, value,\n- subpool);\n+ serr = change_txn_prop(resource-\u003einfo-\u003eroot.txn, propname,\n+ value, subpool);\n }\n else\n {\n@@ -251,8 +267,8 @@ save_value(dav_db *db, const dav_prop_name *name,\n }\n else if (resource-\u003einfo-\u003erestype == DAV_SVN_RESTYPE_TXN_COLLECTION)\n {\n- serr = svn_repos_fs_change_txn_prop(resource-\u003einfo-\u003eroot.txn,\n- propname, value, subpool);\n+ serr = change_txn_prop(resource-\u003einfo-\u003eroot.txn, propname,\n+ value, subpool);\n }\n else\n {\n@@ -561,8 +577,8 @@ db_remove(dav_db *db, const dav_prop_name *name)\n /* Working Baseline or Working (Version) Resource */\n if (db-\u003eresource-\u003ebaselined)\n if (db-\u003eresource-\u003eworking)\n- serr = svn_repos_fs_change_txn_prop(db-\u003eresource-\u003einfo-\u003eroot.txn,\n- propname, NULL, subpool);\n+ serr = change_txn_prop(db-\u003eresource-\u003einfo-\u003eroot.txn, propname,\n+ NULL, subpool);\n else\n /* ### VIOLATING deltaV: you can\u0027t proppatch a baseline, it\u0027s\n not a working resource! But this is how we currently\n]]]\n\n Patch against 1.8.11:\n[[[\nIndex: subversion/mod_dav_svn/deadprops.c\n===================================================================\n--- subversion/mod_dav_svn/deadprops.c (revision 1660122)\n+++ subversion/mod_dav_svn/deadprops.c (working copy)\n@@ -163,6 +163,23 @@ get_value(dav_db *db, const dav_prop_name *name, s\n}\n\n\n+static svn_error_t *\n+change_txn_prop(svn_fs_txn_t *txn,\n+ const char *propname,\n+ const svn_string_t *value,\n+ apr_pool_t *scratch_pool)\n+{\n+ if (strcmp(propname, SVN_PROP_REVISION_AUTHOR) == 0)\n+ return svn_error_create(SVN_ERR_RA_DAV_REQUEST_FAILED, NULL,\n+ \"Attempted to modify \u0027svn:author\u0027 property \"\n+ \"on a transaction\");\n+\n+ SVN_ERR(svn_repos_fs_change_txn_prop(txn, propname, value, scratch_pool));\n+\n+ return SVN_NO_ERROR;\n+}\n+\n+\nstatic dav_error *\nsave_value(dav_db *db, const dav_prop_name *name,\n const svn_string_t *const *old_value_p,\n@@ -213,9 +230,8 @@ save_value(dav_db *db, const dav_prop_name *name,\n {\n if (resource-\u003eworking)\n {\n- serr = svn_repos_fs_change_txn_prop(resource-\u003einfo-\u003eroot.txn,\n- propname, value,\n- subpool);\n+ serr = change_txn_prop(resource-\u003einfo-\u003eroot.txn, propname,\n+ value, subpool);\n }\n else\n {\n@@ -254,8 +270,8 @@ save_value(dav_db *db, const dav_prop_name *name,\n }\n else if (resource-\u003einfo-\u003erestype == DAV_SVN_RESTYPE_TXN_COLLECTION)\n {\n- serr = svn_repos_fs_change_txn_prop(resource-\u003einfo-\u003eroot.txn,\n- propname, value, subpool);\n+ serr = change_txn_prop(resource-\u003einfo-\u003eroot.txn, propname,\n+ value, subpool);\n }\n else\n {\n@@ -560,8 +576,8 @@ db_remove(dav_db *db, const dav_prop_name *name)\n /* Working Baseline or Working (Version) Resource */\n if (db-\u003eresource-\u003ebaselined)\n if (db-\u003eresource-\u003eworking)\n- serr = svn_repos_fs_change_txn_prop(db-\u003eresource-\u003einfo-\u003eroot.txn,\n- propname, NULL, subpool);\n+ serr = change_txn_prop(db-\u003eresource-\u003einfo-\u003eroot.txn, propname,\n+ NULL, subpool);\n else\n /* ### VIOLATING deltaV: you can\u0027t proppatch a baseline, it\u0027s\n not a working resource! But this is how we currently\n]]]\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-2 Xcode 7.0\n\nXcode 7.0 is now available and addresses the following:\n\nDevTools\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: An attacker may be able to bypass access restrictions\nDescription: An API issue existed in the apache configuration. \nCVE-ID\nCVE-2015-3185 : Branko Aibej of the Apache Software Foundation\n\nIDE Xcode Server\nAvailable for: OS X Yosemite 10.10 or later\nImpact: An attacker may be able to access restricted parts of the\nfilesystem\nDescription: A comparison issue existed in the node.js send module\nprior to version 0.8.4. This issue was addressed by upgrading to\nversion 0.12.3. \nCVE-ID\nCVE-2014-6394 : Ilya Kantor\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilties in OpenSSL\nDescription: Multiple vulnerabilties existed in the node.js OpenSSL\nmodule prior to version 1.0.1j. These issues were addressed by\nupdating openssl to version 1.0.1j. \nCVE-ID\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: An attacker with a privileged network position may be able\nto inspect traffic to Xcode Server\nDescription: Connections to Xcode Server may have been made without\nencryption. This issue was addressed through improved network\nconnection logic. \nCVE-ID\nCVE-2015-5910 : an anonymous researcher\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Build notifications may be sent to unintended recipients\nDescription: An access issue existed in the handling of repository\nemail lists. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of\nAnchorfree\n\nsubversion\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilities existed in svn versions prior to\n1.7.19\nDescription: Multiple vulnerabilities existed in svn versions prior\nto 1.7.19. These issues were addressed by updating svn to version\n1.7.20. \nCVE-ID\nCVE-2015-0248\nCVE-2015-0251\n\n\nXcode 7.0 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.0\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJV+axlAAoJEBcWfLTuOo7tzuMQAJhCQaeClT0rDozh+WlKgM6f\nX86xFeXLJ1gjlPKH183Bvm2gTW0m5kQuoNK1grarMB+rEeb8mPsOczwrIJisxVlr\n5zkW/7JktHcsBU5vUa4j4T/CEJjp92VPZ4ub3k3eQOrhinn4E86uKcMxrYoQOAE0\nYFMSDaPBFy+LIJ08ROB/AH8fkGJMLRCRAp43IGgzNuxCDx9jzW97m1dh86mR1CxP\nGdhWRvN7T5YqXyJTw6pZbEHtVXjty8appe2ScvHByCRxa4gZq+/JinHInLjaB4p7\n3o58rAWh7lDhcEi3HqkIu0YW6fLslPydCHTI4cH1PCHTuevNjjvK34IqMbD0jG/t\ntO+vQFhwXpD5chsSB2oP2zLOWAJ7BA5uwvArkJhGKKzQ5DEI0soLBWG7Koe3RitO\nHokIMyx0r+sf4YD+OP4RVPU9bU4FpayXZnECmHzWmK2vguihbIzjxq+Knvx7aiF9\njs1Qn0DxT2puVYdhixtkvYKT7r8XRjI8MPLEwS+tX1Yg1Lqhz2G1MR6mO9iBW56L\ng5deOuCVc56qeaobuUK0clvdFYtyd5jIXgh0zspZ4ssCbbdCOTZUQaG1mBGkIf3R\nJgWTX8ny1Fdk9om3dmZVWUCzzqxJR/tm5M7kjGc425ZGaoBRWLga1VIjNz7MEfKS\nYMBNmqt6weEewNqyDMnX\n=SGgX\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0251"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002130"
},
{
"db": "BID",
"id": "74259"
},
{
"db": "VULHUB",
"id": "VHN-78197"
},
{
"db": "VULMON",
"id": "CVE-2015-0251"
},
{
"db": "PACKETSTORM",
"id": "131562"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "131276"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "132267"
},
{
"db": "PACKETSTORM",
"id": "133617"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-78197",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78197"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0251",
"trust": 3.5
},
{
"db": "BID",
"id": "74259",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1033214",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU99970459",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002130",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-100",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "132267",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-78197",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-0251",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131562",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133236",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131276",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133096",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133617",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78197"
},
{
"db": "VULMON",
"id": "CVE-2015-0251"
},
{
"db": "BID",
"id": "74259"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002130"
},
{
"db": "PACKETSTORM",
"id": "131562"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "131276"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "132267"
},
{
"db": "PACKETSTORM",
"id": "133617"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-100"
},
{
"db": "NVD",
"id": "CVE-2015-0251"
}
]
},
"id": "VAR-201504-0060",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78197"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:45:04.448000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-09-16-2 Xcode 7.0",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
},
{
"title": "HT205217",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht205217"
},
{
"title": "HT205217",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht205217"
},
{
"title": "Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"title": "RHSA-2015:1633",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1633.html"
},
{
"title": "CVE-2015-0251-advisory",
"trust": 0.8,
"url": "http://subversion.apache.org/security/cve-2015-0251-advisory.txt"
},
{
"title": "Debian Security Advisories: DSA-3231-1 subversion -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9dd5c0c7b53a0f19f49a9b42677637fd"
},
{
"title": "Red Hat: CVE-2015-0251",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-0251"
},
{
"title": "Amazon Linux AMI: ALAS-2015-587",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-587"
},
{
"title": "Apple: Xcode 7.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=768a45894d5a25fbf47fbec8f017a52b"
},
{
"title": "Ubuntu Security Notice: subversion vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2721-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=92308e3c4d305e91c2eba8c9c6835e83"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0251"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002130"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78197"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002130"
},
{
"db": "NVD",
"id": "CVE-2015-0251"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://subversion.apache.org/security/cve-2015-0251-advisory.txt"
},
{
"trust": 1.8,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:192"
},
{
"trust": 1.5,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1742.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/74259"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1633.html"
},
{
"trust": 1.3,
"url": "http://www.ubuntu.com/usn/usn-2721-1"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"trust": 1.2,
"url": "https://support.apple.com/ht205217"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2015/dsa-3231"
},
{
"trust": 1.2,
"url": "http://seclists.org/fulldisclosure/2015/jun/32"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1033214"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0251"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99970459/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0251"
},
{
"trust": 0.8,
"url": "http://www.mandriva.com/en/support/security/advisories/advisory/mdvsa-2015:192/?name=mdvsa-2015:192"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
},
{
"trust": 0.3,
"url": "http://subversion.apache.org/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0251"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3187"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0202"
},
{
"trust": 0.2,
"url": "http://subversion.apache.org/security/cve-2015-0248-advisory.txt"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/345.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-3231"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2721-1/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3580"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.10-5ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3184"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0248"
},
{
"trust": 0.1,
"url": "http://subversion.apache.org/security/cve-2015-0202-advisory.txt"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0202"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://subversion.apache.org/security/cve-2015-3187-advisory.txt"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0248"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://-based"
},
{
"trust": 0.1,
"url": "http://subversion.apache.org/packages.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5910"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6394"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5909"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78197"
},
{
"db": "VULMON",
"id": "CVE-2015-0251"
},
{
"db": "BID",
"id": "74259"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002130"
},
{
"db": "PACKETSTORM",
"id": "131562"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "131276"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "132267"
},
{
"db": "PACKETSTORM",
"id": "133617"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-100"
},
{
"db": "NVD",
"id": "CVE-2015-0251"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78197"
},
{
"db": "VULMON",
"id": "CVE-2015-0251"
},
{
"db": "BID",
"id": "74259"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002130"
},
{
"db": "PACKETSTORM",
"id": "131562"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "131276"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "132267"
},
{
"db": "PACKETSTORM",
"id": "133617"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-100"
},
{
"db": "NVD",
"id": "CVE-2015-0251"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-08T00:00:00",
"db": "VULHUB",
"id": "VHN-78197"
},
{
"date": "2015-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0251"
},
{
"date": "2015-04-08T00:00:00",
"db": "BID",
"id": "74259"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002130"
},
{
"date": "2015-04-22T00:38:50",
"db": "PACKETSTORM",
"id": "131562"
},
{
"date": "2015-08-21T16:59:18",
"db": "PACKETSTORM",
"id": "133236"
},
{
"date": "2015-04-03T15:47:42",
"db": "PACKETSTORM",
"id": "131276"
},
{
"date": "2015-08-17T15:40:41",
"db": "PACKETSTORM",
"id": "133096"
},
{
"date": "2015-06-11T23:49:38",
"db": "PACKETSTORM",
"id": "132267"
},
{
"date": "2015-09-19T15:31:48",
"db": "PACKETSTORM",
"id": "133617"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-100"
},
{
"date": "2015-04-08T18:59:02.843000",
"db": "NVD",
"id": "CVE-2015-0251"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-78197"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0251"
},
{
"date": "2016-10-26T01:16:00",
"db": "BID",
"id": "74259"
},
{
"date": "2015-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002130"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-100"
},
{
"date": "2018-10-30T16:27:35.843000",
"db": "NVD",
"id": "CVE-2015-0251"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-100"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Subversion of mod_dav_svn On the server svn:author Vulnerability spoofing property",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002130"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "74259"
}
],
"trust": 0.3
}
}
VAR-202204-0432
Vulnerability from variot - Updated: 2024-07-23 20:15Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. Subversion of mod_dav_svn Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Apache Subversion is an open source version control system of the Apache Foundation. The system is compatible with the Concurrent Versions System (CVS). Apache Subversion has a resource management error vulnerability that stems from a use-after-free bug in mod_dav_svn. ========================================================================== Ubuntu Security Notice USN-5372-1 April 12, 2022
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description: - subversion: Advanced version control system
Details:
Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544)
Thomas Wei\xdfschuh discovered that Subversion servers did not properly handle memory in certain configurations. A remote attacker could potentially use this issue to cause a denial of service or other unspecified impact. (CVE-2022-24070)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libapache2-mod-svn 1.14.1-3ubuntu0.1 libsvn-java 1.14.1-3ubuntu0.1 libsvn-perl 1.14.1-3ubuntu0.1 libsvn1 1.14.1-3ubuntu0.1 python3-subversion 1.14.1-3ubuntu0.1 ruby-svn 1.14.1-3ubuntu0.1 subversion 1.14.1-3ubuntu0.1 subversion-tools 1.14.1-3ubuntu0.1
Ubuntu 20.04 LTS: libapache2-mod-svn 1.13.0-3ubuntu0.1 libsvn-java 1.13.0-3ubuntu0.1 libsvn-perl 1.13.0-3ubuntu0.1 libsvn1 1.13.0-3ubuntu0.1 python-subversion 1.13.0-3ubuntu0.1 ruby-svn 1.13.0-3ubuntu0.1 subversion 1.13.0-3ubuntu0.1 subversion-tools 1.13.0-3ubuntu0.1
In general, a standard system update will make all the necessary changes.
CVE-2022-24070
Thomas Weissschuh reported that Subversion's mod_dav_svn is prone to
a use-after-free vulnerability when looking up path-based
authorization rules, which can result in denial of service (crash of
HTTPD worker handling the request).
For the oldstable distribution (buster), these problems have been fixed in version 1.10.4-1+deb10u3.
For the stable distribution (bullseye), these problems have been fixed in version 1.14.1-3+deb11u1.
We recommend that you upgrade your subversion packages.
For the detailed security status of subversion please refer to its security tracker page at: https://security-tracker.debian.org/tracker/subversion
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmJWT8RfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0T5nA//cNwSe776flBf6n4X6Lo6zctM1q4ZNsY0dzr1lV9TpOOg4SlA/esb6gDa 9b/Ty+FwOg3T3vdw0HU2rqFTFimb6I+/gM3ly1XOvtqHXj6av4caDtAPk7wyNOdk Pi4kzd2bISM6rZUqQDGFstMrNk5a+N7TajIT+7UAO7Ar85IDwvke269TsYxEZtka gjUNRc7J2FXY9QHd47DnD2CK3CGix+t4tKGJVdeHx1zGb/73vSRki0RnwNpAbr2h wvzj+W9Hx92Nh1GCNoYv3b7oyxjPBerI/v4QrYu2EnPYaV8oLW0JPc4JYf0YPQrR R/RNhydAzOqFzy05rMCq9WZHwH++fBhJmWctA/LfOJYO+Lrj6HI17D4gPJraofcZ Jjcb7j156fY7FGclrPDuavOe2GmcylxUmUiwu1eL6PYZ/QAcdbbaw8nf1V1f9cDj tzTAAIKdRtsCtkC9WYSz/H5+UckJ8XYK3+nxRIblIsHHgk8ICOO5mWEIzEbqzGad NKwysuNBSFqUQCLMADf0fZTxHts6DF8Sj3yjVaDfCrVqTY+Qk8yTl97dnAxflI3W HX7ees+yLmHF46P7gskWy0YLSPXmqRkSagpA60AT+DekLpXL+pIBgFN+bgtndr4i fNAhsxLlmPZ9EVzVbfHT5J3ULRXdi1vwHiXXjuJBKkwNLybCu60= =Bytg -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: subversion:1.10 security update Advisory ID: RHSA-2022:2236-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2236 Issue date: 2022-05-12 CVE Names: CVE-2022-24070 ==================================================================== 1. Summary:
An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
Security Fix(es):
- subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
- Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.2):
Source: libserf-1.3.9-9.module+el8.2.0+9887+08558108.src.rpm subversion-1.10.2-3.module+el8.2.0+15168+f36597c9.src.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.src.rpm
aarch64: libserf-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm mod_dav_svn-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm mod_dav_svn-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm subversion-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm subversion-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm subversion-debugsource-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm subversion-devel-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm subversion-devel-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm subversion-gnome-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm subversion-gnome-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm subversion-libs-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm subversion-libs-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm subversion-perl-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm subversion-perl-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm subversion-tools-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm subversion-tools-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm
noarch: subversion-javahl-1.10.2-3.module+el8.2.0+15168+f36597c9.noarch.rpm
ppc64le: libserf-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm mod_dav_svn-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm mod_dav_svn-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm subversion-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm subversion-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm subversion-debugsource-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm subversion-devel-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm subversion-devel-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm subversion-gnome-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm subversion-gnome-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm subversion-libs-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm subversion-libs-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm subversion-perl-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm subversion-perl-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm subversion-tools-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm subversion-tools-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm
s390x: libserf-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm mod_dav_svn-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm mod_dav_svn-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm subversion-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm subversion-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm subversion-debugsource-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm subversion-devel-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm subversion-devel-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm subversion-gnome-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm subversion-gnome-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm subversion-libs-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm subversion-libs-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm subversion-perl-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm subversion-perl-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm subversion-tools-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm subversion-tools-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm
x86_64: libserf-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm mod_dav_svn-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm mod_dav_svn-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm subversion-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm subversion-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm subversion-debugsource-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm subversion-devel-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm subversion-devel-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm subversion-gnome-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm subversion-gnome-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm subversion-libs-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm subversion-libs-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm subversion-perl-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm subversion-perl-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm subversion-tools-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm subversion-tools-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-24070 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYn3iatzjgjWX9erEAQhybhAAnCLwKUV8Qd0P8bMoriwLdUGnpK41vAmm fOGrmwAd09DNs/HW/8eum8jjjuEVUx/n+Vp0A8BMa2hDqJ+Zm+dSq++A0pGSgr2/ CGBn3BsyM+uyGapkKLYrHCqnD6arvck2CaEtDNyl0/FmI6ZyOLB0g9gkADTit4me qMKrZs303c2udoP5JriRdQ1yFJKVLkt32ssmljsJBUzbIMmt3zZAH0r640wMq5vZ AVdRxrIgmKkToAUD5frD7WzF60hvQ5bBGkXXdjWBDnDTOscWXksiTuucTxTzEfh5 qNlb5I09oPgIZsp563Ry+BYzd8VqVCFXOu90L7UyBVJZbn6/Y/WO9jZ8SmXza+0Z tPeR2mUPeNKQ8NOFxFuzCnN+reOfyKzCeRfUR/7FvQ5FxcrymgWpeOUkUIfjUaCR fymyByBdfxfn3YalL/WD2V0i6VEHlbfKdrn6/Wk1gP0jtsf11Avz94ydkZxo0Cv6 IAZfQmkcAKdYjQ/93dDEFalqqADOD+bOjaBizWfRcLHo+h+SL1MjxSo9l8cL2Y0i ly1o4XnyxMk+SyZbe4v2coVLKuDGpUUxT0YwSplyvedX1ULVYRWvi/Q86Mh9rPmf 39fsdM62D/mLOTiNy3JIn2gS0ir3yRDr1Y1GkZE6SLMJxFOY9+RSVvYhTLCLSLv3 Q5krjcKXb3o=C+KB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 9) - aarch64, ppc64le, s390x, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0432",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.10.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "subversion",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.14.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "subversion",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "1.10.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "subversion",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "1.14.2"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "subversion",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.14.2",
"versionStartIncluding": "1.14.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.10.8",
"versionStartIncluding": "1.10.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.5",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167455"
},
{
"db": "PACKETSTORM",
"id": "167165"
},
{
"db": "PACKETSTORM",
"id": "167374"
},
{
"db": "PACKETSTORM",
"id": "167126"
},
{
"db": "PACKETSTORM",
"id": "167244"
}
],
"trust": 0.5
},
"cve": "CVE-2022-24070",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-24070",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-413621",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-24070",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-24070",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-413621",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413621"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Subversion\u0027s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. Subversion of mod_dav_svn Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Apache Subversion is an open source version control system of the Apache Foundation. The system is compatible with the Concurrent Versions System (CVS). Apache Subversion has a resource management error vulnerability that stems from a use-after-free bug in mod_dav_svn. ==========================================================================\nUbuntu Security Notice USN-5372-1\nApril 12, 2022\n\nsubversion vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nEvgeny Kotkov discovered that Subversion servers did not properly follow\npath-based authorization rules in certain cases. An attacker could\npotentially use this issue to retrieve information about private paths. \n(CVE-2021-28544)\n\nThomas Wei\\xdfschuh discovered that Subversion servers did not properly handle\nmemory in certain configurations. A remote attacker could potentially use\nthis issue to cause a denial of service or other unspecified impact. \n(CVE-2022-24070)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n libapache2-mod-svn 1.14.1-3ubuntu0.1\n libsvn-java 1.14.1-3ubuntu0.1\n libsvn-perl 1.14.1-3ubuntu0.1\n libsvn1 1.14.1-3ubuntu0.1\n python3-subversion 1.14.1-3ubuntu0.1\n ruby-svn 1.14.1-3ubuntu0.1\n subversion 1.14.1-3ubuntu0.1\n subversion-tools 1.14.1-3ubuntu0.1\n\nUbuntu 20.04 LTS:\n libapache2-mod-svn 1.13.0-3ubuntu0.1\n libsvn-java 1.13.0-3ubuntu0.1\n libsvn-perl 1.13.0-3ubuntu0.1\n libsvn1 1.13.0-3ubuntu0.1\n python-subversion 1.13.0-3ubuntu0.1\n ruby-svn 1.13.0-3ubuntu0.1\n subversion 1.13.0-3ubuntu0.1\n subversion-tools 1.13.0-3ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. \n\nCVE-2022-24070\n\n Thomas Weissschuh reported that Subversion\u0027s mod_dav_svn is prone to\n a use-after-free vulnerability when looking up path-based\n authorization rules, which can result in denial of service (crash of\n HTTPD worker handling the request). \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 1.10.4-1+deb10u3. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.14.1-3+deb11u1. \n\nWe recommend that you upgrade your subversion packages. \n\nFor the detailed security status of subversion please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/subversion\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmJWT8RfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0T5nA//cNwSe776flBf6n4X6Lo6zctM1q4ZNsY0dzr1lV9TpOOg4SlA/esb6gDa\n9b/Ty+FwOg3T3vdw0HU2rqFTFimb6I+/gM3ly1XOvtqHXj6av4caDtAPk7wyNOdk\nPi4kzd2bISM6rZUqQDGFstMrNk5a+N7TajIT+7UAO7Ar85IDwvke269TsYxEZtka\ngjUNRc7J2FXY9QHd47DnD2CK3CGix+t4tKGJVdeHx1zGb/73vSRki0RnwNpAbr2h\nwvzj+W9Hx92Nh1GCNoYv3b7oyxjPBerI/v4QrYu2EnPYaV8oLW0JPc4JYf0YPQrR\nR/RNhydAzOqFzy05rMCq9WZHwH++fBhJmWctA/LfOJYO+Lrj6HI17D4gPJraofcZ\nJjcb7j156fY7FGclrPDuavOe2GmcylxUmUiwu1eL6PYZ/QAcdbbaw8nf1V1f9cDj\ntzTAAIKdRtsCtkC9WYSz/H5+UckJ8XYK3+nxRIblIsHHgk8ICOO5mWEIzEbqzGad\nNKwysuNBSFqUQCLMADf0fZTxHts6DF8Sj3yjVaDfCrVqTY+Qk8yTl97dnAxflI3W\nHX7ees+yLmHF46P7gskWy0YLSPXmqRkSagpA60AT+DekLpXL+pIBgFN+bgtndr4i\nfNAhsxLlmPZ9EVzVbfHT5J3ULRXdi1vwHiXXjuJBKkwNLybCu60=\n=Bytg\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: subversion:1.10 security update\nAdvisory ID: RHSA-2022:2236-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:2236\nIssue date: 2022-05-12\nCVE Names: CVE-2022-24070\n====================================================================\n1. Summary:\n\nAn update for the subversion:1.10 module is now available for Red Hat\nEnterprise Linux 8.2 Extended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. \n\nSecurity Fix(es):\n\n* subversion: Subversion\u0027s mod_dav_svn is vulnerable to memory corruption\n(CVE-2022-24070)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, for the update to take effect, you\nmust restart the httpd daemon, if you are using mod_dav_svn, and the\nsvnserve daemon, if you are serving Subversion repositories via the svn://\nprotocol. \n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream EUS (v. 8.2):\n\nSource:\nlibserf-1.3.9-9.module+el8.2.0+9887+08558108.src.rpm\nsubversion-1.10.2-3.module+el8.2.0+15168+f36597c9.src.rpm\nutf8proc-2.1.1-5.module+el8.2.0+9887+08558108.src.rpm\n\naarch64:\nlibserf-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm\nlibserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm\nlibserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm\nmod_dav_svn-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nmod_dav_svn-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nsubversion-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nsubversion-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nsubversion-debugsource-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nsubversion-devel-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nsubversion-devel-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nsubversion-gnome-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nsubversion-gnome-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nsubversion-libs-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nsubversion-libs-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nsubversion-perl-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nsubversion-perl-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nsubversion-tools-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nsubversion-tools-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.aarch64.rpm\nutf8proc-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm\nutf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm\nutf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm\n\nnoarch:\nsubversion-javahl-1.10.2-3.module+el8.2.0+15168+f36597c9.noarch.rpm\n\nppc64le:\nlibserf-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm\nlibserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm\nlibserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm\nmod_dav_svn-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nmod_dav_svn-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nsubversion-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nsubversion-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nsubversion-debugsource-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nsubversion-devel-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nsubversion-devel-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nsubversion-gnome-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nsubversion-gnome-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nsubversion-libs-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nsubversion-libs-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nsubversion-perl-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nsubversion-perl-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nsubversion-tools-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nsubversion-tools-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.ppc64le.rpm\nutf8proc-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm\nutf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm\nutf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm\n\ns390x:\nlibserf-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm\nlibserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm\nlibserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm\nmod_dav_svn-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nmod_dav_svn-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nsubversion-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nsubversion-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nsubversion-debugsource-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nsubversion-devel-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nsubversion-devel-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nsubversion-gnome-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nsubversion-gnome-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nsubversion-libs-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nsubversion-libs-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nsubversion-perl-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nsubversion-perl-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nsubversion-tools-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nsubversion-tools-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.s390x.rpm\nutf8proc-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm\nutf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm\nutf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm\n\nx86_64:\nlibserf-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm\nlibserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm\nlibserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm\nmod_dav_svn-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nmod_dav_svn-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nsubversion-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nsubversion-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nsubversion-debugsource-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nsubversion-devel-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nsubversion-devel-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nsubversion-gnome-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nsubversion-gnome-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nsubversion-libs-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nsubversion-libs-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nsubversion-perl-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nsubversion-perl-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nsubversion-tools-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nsubversion-tools-debuginfo-1.10.2-3.module+el8.2.0+15168+f36597c9.x86_64.rpm\nutf8proc-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm\nutf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm\nutf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-24070\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYn3iatzjgjWX9erEAQhybhAAnCLwKUV8Qd0P8bMoriwLdUGnpK41vAmm\nfOGrmwAd09DNs/HW/8eum8jjjuEVUx/n+Vp0A8BMa2hDqJ+Zm+dSq++A0pGSgr2/\nCGBn3BsyM+uyGapkKLYrHCqnD6arvck2CaEtDNyl0/FmI6ZyOLB0g9gkADTit4me\nqMKrZs303c2udoP5JriRdQ1yFJKVLkt32ssmljsJBUzbIMmt3zZAH0r640wMq5vZ\nAVdRxrIgmKkToAUD5frD7WzF60hvQ5bBGkXXdjWBDnDTOscWXksiTuucTxTzEfh5\nqNlb5I09oPgIZsp563Ry+BYzd8VqVCFXOu90L7UyBVJZbn6/Y/WO9jZ8SmXza+0Z\ntPeR2mUPeNKQ8NOFxFuzCnN+reOfyKzCeRfUR/7FvQ5FxcrymgWpeOUkUIfjUaCR\nfymyByBdfxfn3YalL/WD2V0i6VEHlbfKdrn6/Wk1gP0jtsf11Avz94ydkZxo0Cv6\nIAZfQmkcAKdYjQ/93dDEFalqqADOD+bOjaBizWfRcLHo+h+SL1MjxSo9l8cL2Y0i\nly1o4XnyxMk+SyZbe4v2coVLKuDGpUUxT0YwSplyvedX1ULVYRWvi/Q86Mh9rPmf\n39fsdM62D/mLOTiNy3JIn2gS0ir3yRDr1Y1GkZE6SLMJxFOY9+RSVvYhTLCLSLv3\nQ5krjcKXb3o=C+KB\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 9) - aarch64, ppc64le, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24070"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "VULHUB",
"id": "VHN-413621"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "167455"
},
{
"db": "PACKETSTORM",
"id": "169362"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "PACKETSTORM",
"id": "167165"
},
{
"db": "PACKETSTORM",
"id": "167374"
},
{
"db": "PACKETSTORM",
"id": "167126"
},
{
"db": "PACKETSTORM",
"id": "167244"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24070",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167280",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167374",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167126",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167165",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167244",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167455",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167159",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167787",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167158",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2022-38524",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-413621",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166704",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169362",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413621"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "167455"
},
{
"db": "PACKETSTORM",
"id": "169362"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "PACKETSTORM",
"id": "167165"
},
{
"db": "PACKETSTORM",
"id": "167374"
},
{
"db": "PACKETSTORM",
"id": "167126"
},
{
"db": "PACKETSTORM",
"id": "167244"
},
{
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"id": "VAR-202204-0432",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-413621"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:15:05.279000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213345",
"trust": 0.8,
"url": "https://cwiki.apache.org/confluence/display/httpd/modulelife"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413621"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24070"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213345"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/jul/18"
},
{
"trust": 1.1,
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"
},
{
"trust": 1.1,
"url": "https://cwiki.apache.org/confluence/display/httpd/modulelife"
},
{
"trust": 1.1,
"url": "https://issues.apache.org/jira/browse/svn-4880"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pz4arnglmgybkydx2b7drbnmf6eh3a6r/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yjpmcwcgwbn3qwcdvilwqwpc75rr67lt/"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-24070"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28544"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yjpmcwcgwbn3qwcdvilwqwpc75rr67lt/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pz4arnglmgybkydx2b7drbnmf6eh3a6r/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.14.1-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5372-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.13.0-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4941"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/subversion"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.14.1-3ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5450-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4591"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4722"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413621"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "167455"
},
{
"db": "PACKETSTORM",
"id": "169362"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "PACKETSTORM",
"id": "167165"
},
{
"db": "PACKETSTORM",
"id": "167374"
},
{
"db": "PACKETSTORM",
"id": "167126"
},
{
"db": "PACKETSTORM",
"id": "167244"
},
{
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-413621"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "167455"
},
{
"db": "PACKETSTORM",
"id": "169362"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "PACKETSTORM",
"id": "167165"
},
{
"db": "PACKETSTORM",
"id": "167374"
},
{
"db": "PACKETSTORM",
"id": "167126"
},
{
"db": "PACKETSTORM",
"id": "167244"
},
{
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-413621"
},
{
"date": "2023-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"date": "2022-04-13T15:00:52",
"db": "PACKETSTORM",
"id": "166704"
},
{
"date": "2022-06-09T16:10:49",
"db": "PACKETSTORM",
"id": "167455"
},
{
"date": "2022-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "169362"
},
{
"date": "2022-05-27T15:37:43",
"db": "PACKETSTORM",
"id": "167280"
},
{
"date": "2022-05-13T16:05:30",
"db": "PACKETSTORM",
"id": "167165"
},
{
"date": "2022-06-03T15:34:36",
"db": "PACKETSTORM",
"id": "167374"
},
{
"date": "2022-05-12T15:44:49",
"db": "PACKETSTORM",
"id": "167126"
},
{
"date": "2022-05-24T17:34:17",
"db": "PACKETSTORM",
"id": "167244"
},
{
"date": "2022-04-12T18:15:09.137000",
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-413621"
},
{
"date": "2023-08-07T01:41:00",
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"date": "2023-11-07T03:44:22.993000",
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "167280"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Subversion\u00a0 of \u00a0mod_dav_svn\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
}
],
"trust": 0.8
}
}
VAR-201106-0192
Vulnerability from variot - Updated: 2024-07-23 20:13The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. Apache Subversion is prone to multiple vulnerabilities, including two denial-of-service issues and an information-disclosure issue. Attackers can exploit these issues to crash the application, exhaust all memory resources, or obtain potentially sensitive information. Versions prior to Subversion 1.6.17 are vulnerable. The server is fast, reliable and extensible through a simple API.
The mod_dav_svn Apache HTTPD server module may in certain cenarios enter a logic loop which does not exit and which allocates emory in each iteration, ultimately exhausting all the available emory on the server which can lead to a DoS (Denial Of Service) (CVE-2011-1783).
The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users (CVE-2011-1921).
Packages for 2009.0 are provided as of the Extended Maintenance Program. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFN6cg2mqjQ0CJFipgRAqj2AKCRyKt813e0OmWSTU5bL58KCmUwowCfT6RY DDOtowgSctAg4EX+tLXIvRQ= =zsmM -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001
OS X Lion v10.7.3 and Security Update 2012-001 is now available and addresses the following:
Address Book Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker in a privileged network position may intercept CardDAV data Description: Address Book supports Secure Sockets Layer (SSL) for accessing CardDAV. A downgrade issue caused Address Book to attempt an unencrypted connection if an encrypted connection failed. An attacker in a privileged network position could abuse this behavior to intercept CardDAV data. This issue is addressed by not downgrading to an unencrypted connection without user approval. CVE-ID CVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation
Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.21 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-3348
Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Apache disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by providing a configuration parameter to control the countermeasure and enabling it by default. CVE-ID CVE-2011-3389
CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send the request to an incorrect origin server. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook
CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3447 : Erling Ellingsen of Facebook
ColorSync Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative
CoreAudio Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of AAC encoded audio streams. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in CoreMedia's handling of H.264 encoded movie files. CVE-ID CVE-2011-3448 : Scott Stender of iSEC Partners
CoreText Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of font files. CVE-ID CVE-2011-3449 : Will Dormann of the CERT/CC
CoreUI Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of long URLs. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3450 : Ben Syverson
curl Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote server may be able to impersonate clients via GSSAPI requests Description: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This issue is addressed by disabling GSSAPI credential delegation. CVE-ID CVE-2011-2192
Data Security Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue.
dovecot Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Dovecot disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling the countermeasure. CVE-ID CVE-2011-3389 : Apple
filecmds Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Decompressing a maliciously crafted compressed file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the 'uncompress' command line tool. CVE-ID CVE-2011-2895
ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies
ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue is address by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167
ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328
Internet Sharing Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A Wi-Fi network created by Internet Sharing may lose security settings after a system update Description: After updating to a version of OS X Lion prior to 10.7.3, the Wi-Fi configuration used by Internet Sharing may revert to factory defaults, which disables the WEP password. This issue only affects systems with Internet Sharing enabled and sharing the connection to Wi-Fi. This issue is addressed by preserving the Wi-Fi configuration during a system update. CVE-ID CVE-2011-3452 : an anonymous researcher
Libinfo Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in Libinfo's handling of hostname lookup requests. Libinfo could return incorrect results for a maliciously crafted hostname. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3441 : Erling Ellingsen of Facebook
libresolv Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the parsing of DNS resource records, which may lead to heap memory corruption. CVE-ID CVE-2011-3453 : Ilja van Sprundel of IOActive
libsecurity Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Some EV certificates may be trusted even if the corresponding root has been marked as untrusted Description: The certificate code trusted a root certificate to sign EV certificates if it was on the list of known EV issuers, even if the user had marked it as 'Never Trust' in Keychain. The root would not be trusted to sign non-EV certificates. CVE-ID CVE-2011-3422 : Alastair Houghton
OpenGL Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in PHP 5.3.6 Description: PHP is updated to version 5.3.8 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2011-1148 CVE-2011-1657 CVE-2011-1938 CVE-2011-2202 CVE-2011-2483 CVE-2011-3182 CVE-2011-3189 CVE-2011-3267 CVE-2011-3268
PHP Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of MP4 encoded files. CVE-ID CVE-2011-3458 : Luigi Auriemma and pa_kt both working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of font tables embedded in QuickTime movie files. CVE-ID CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files. CVE-ID CVE-2011-3459 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 files. CVE-ID CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PNG files. CVE-ID CVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of FLC encoded movie files CVE-ID CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
SquirrelMail Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in SquirrelMail Description: SquirrelMail is updated to version 1.4.22 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. This issue does not affect OS X Lion systems. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/ CVE-ID CVE-2010-1637 CVE-2010-2813 CVE-2010-4554 CVE-2010-4555 CVE-2011-2023
Subversion Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Accessing a Subversion repository may lead to the disclosure of sensitive information Description: Subversion is updated to version 1.6.17 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Further information is available via the Subversion web site at http://subversion.tigris.org/ CVE-ID CVE-2011-1752 CVE-2011-1783 CVE-2011-1921
Time Machine Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote attacker may access new backups created by the user's system Description: The user may designate a remote AFP volume or Time Capsule to be used for Time Machine backups. Time Machine did not verify that the same device was being used for subsequent backup operations. An attacker who is able to spoof the remote volume could gain access to new backups created by the user's system. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. CVE-ID CVE-2011-3462 : Michael Roitzsch of the Technische Universitat Dresden
Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.32 Description: Tomcat is updated to version 6.0.33 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2011-2204
WebDAV Sharing Available for: OS X Lion Server v10.7 to v10.7.2 Impact: Local users may obtain system privileges Description: An issue existed in WebDAV Sharing's handling of user authentication. A user with a valid account on the server or one of its bound directories could cause the execution of arbitrary code with system privileges. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3463 : Gordon Davisson of Crywolf
Webmail Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted e-mail message may lead to the disclosure of message content Description: A cross-site scripting vulnerability existed in the handling of mail messages. This issue is addressed by updating Roundcube Webmail to version 0.6. This issue does not affect systems prior to OS X Lion. Further information is available via the Roundcube site at http://trac.roundcube.net/ CVE-ID CVE-2011-2937
X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple
OS X Lion v10.7.3 and Security Update 2012-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2021-001 or OS X v10.7.3.
For OS X Lion v10.7.2 The download file is named: MacOSXUpd10.7.3.dmg Its SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c
For OS X Lion v10.7 and v10.7.1 The download file is named: MacOSXUpdCombo10.7.3.dmg Its SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c
For OS X Lion Server v10.7.2 The download file is named: MacOSXServerUpd10.7.3.dmg Its SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d
For OS X Lion Server v10.7 and v10.7.1 The download file is named: MacOSXServerUpdCombo10.7.3.dmg Its SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b
For Mac OS X v10.6.8 The download file is named: SecUpd2012-001Snow.dmg Its SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8
For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-001.dmg Its SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V P6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp RrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy 9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf MnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E pvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo= =c1eU -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Apache Subversion mod_dav_svn Two Denial of Service Vulnerabilities
SECUNIA ADVISORY ID: SA44681
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44681/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44681
RELEASE DATE: 2011-06-02
DISCUSS ADVISORY: http://secunia.com/advisories/44681/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44681/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44681
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in Apache Subversion, which can be exploited by malicious people to cause a DoS (Denial of Service).
PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor 2) The vendor credits Ivan Zhakov, VisualSVN.
ORIGINAL ADVISORY: http://subversion.apache.org/security/CVE-2011-1752-advisory.txt http://subversion.apache.org/security/CVE-2011-1783-advisory.txt http://subversion.apache.org/security/CVE-2011-1921-advisory.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-11
http://security.gentoo.org/
Severity: Low Title: Subversion: Multiple vulnerabilities Date: September 23, 2013 Bugs: #350166, #356741, #369065, #463728, #463860, #472202, #482166 ID: 201309-11
Synopsis
Multiple vulnerabilities have been found in Subversion, allowing attackers to cause a Denial of Service, escalate privileges, or obtain sensitive information.
Background
Subversion is a versioning system designed to be a replacement for CVS.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/subversion < 1.7.13 >= 1.7.13
Description
Multiple vulnerabilities have been discovered in Subversion. Please review the CVE identifiers referenced below for details. A local attacker could escalate his privileges to the user running svnserve.
Workaround
There is no known workaround at this time.
Resolution
All Subversion users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.7.13"
References
[ 1 ] CVE-2010-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4539 [ 2 ] CVE-2010-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4644 [ 3 ] CVE-2011-0715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0715 [ 4 ] CVE-2011-1752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1752 [ 5 ] CVE-2011-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1783 [ 6 ] CVE-2011-1921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1921 [ 7 ] CVE-2013-1845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1845 [ 8 ] CVE-2013-1846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1846 [ 9 ] CVE-2013-1847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1847 [ 10 ] CVE-2013-1849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1849 [ 11 ] CVE-2013-1884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1884 [ 12 ] CVE-2013-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1968 [ 13 ] CVE-2013-2088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2088 [ 14 ] CVE-2013-2112 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2112 [ 15 ] CVE-2013-4131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4131 [ 16 ] CVE-2013-4277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4277
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: subversion security update Advisory ID: RHSA-2011:0862-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0862.html Issue date: 2011-06-08 CVE Names: CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 =====================================================================
- Summary:
Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
- Description:
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.
An infinite loop flaw was found in the way the mod_dav_svn module processed certain data sets. If the SVNPathAuthz directive was set to "short_circuit", and path-based access control for files and directories was enabled, a malicious, remote user could use this flaw to cause the httpd process serving the request to consume an excessive amount of system memory. (CVE-2011-1783)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed requests submitted against the URL of a baselined resource. A malicious, remote user could use this flaw to cause the httpd process serving the request to crash. (CVE-2011-1752)
An information disclosure flaw was found in the way the mod_dav_svn module processed certain URLs when path-based access control for files and directories was enabled. A malicious, remote user could possibly use this flaw to access certain files in a repository that would otherwise not be accessible to them. Note: This vulnerability cannot be triggered if the SVNPathAuthz directive is set to "short_circuit". Upstream acknowledges Joe Schaefer of the Apache Software Foundation as the original reporter of CVE-2011-1752; Ivan Zhakov of VisualSVN as the original reporter of CVE-2011-1783; and Kamesh Jayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921.
All Subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, you must restart the httpd daemon, if you are using mod_dav_svn, for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
709111 - CVE-2011-1752 subversion (mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources 709112 - CVE-2011-1783 subversion (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control 709114 - CVE-2011-1921 subversion (mod_dav_svn): File contents disclosure of files configured to be unreadable by those users
- Package List:
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/subversion-1.6.11-7.el5_6.4.src.rpm
i386: mod_dav_svn-1.6.11-7.el5_6.4.i386.rpm subversion-1.6.11-7.el5_6.4.i386.rpm subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm subversion-devel-1.6.11-7.el5_6.4.i386.rpm subversion-javahl-1.6.11-7.el5_6.4.i386.rpm subversion-perl-1.6.11-7.el5_6.4.i386.rpm subversion-ruby-1.6.11-7.el5_6.4.i386.rpm
x86_64: mod_dav_svn-1.6.11-7.el5_6.4.x86_64.rpm subversion-1.6.11-7.el5_6.4.i386.rpm subversion-1.6.11-7.el5_6.4.x86_64.rpm subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm subversion-debuginfo-1.6.11-7.el5_6.4.x86_64.rpm subversion-devel-1.6.11-7.el5_6.4.i386.rpm subversion-devel-1.6.11-7.el5_6.4.x86_64.rpm subversion-javahl-1.6.11-7.el5_6.4.x86_64.rpm subversion-perl-1.6.11-7.el5_6.4.x86_64.rpm subversion-ruby-1.6.11-7.el5_6.4.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/subversion-1.6.11-7.el5_6.4.src.rpm
i386: mod_dav_svn-1.6.11-7.el5_6.4.i386.rpm subversion-1.6.11-7.el5_6.4.i386.rpm subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm subversion-devel-1.6.11-7.el5_6.4.i386.rpm subversion-javahl-1.6.11-7.el5_6.4.i386.rpm subversion-perl-1.6.11-7.el5_6.4.i386.rpm subversion-ruby-1.6.11-7.el5_6.4.i386.rpm
ia64: mod_dav_svn-1.6.11-7.el5_6.4.ia64.rpm subversion-1.6.11-7.el5_6.4.ia64.rpm subversion-debuginfo-1.6.11-7.el5_6.4.ia64.rpm subversion-devel-1.6.11-7.el5_6.4.ia64.rpm subversion-javahl-1.6.11-7.el5_6.4.ia64.rpm subversion-perl-1.6.11-7.el5_6.4.ia64.rpm subversion-ruby-1.6.11-7.el5_6.4.ia64.rpm
ppc: mod_dav_svn-1.6.11-7.el5_6.4.ppc.rpm subversion-1.6.11-7.el5_6.4.ppc.rpm subversion-1.6.11-7.el5_6.4.ppc64.rpm subversion-debuginfo-1.6.11-7.el5_6.4.ppc.rpm subversion-debuginfo-1.6.11-7.el5_6.4.ppc64.rpm subversion-devel-1.6.11-7.el5_6.4.ppc.rpm subversion-devel-1.6.11-7.el5_6.4.ppc64.rpm subversion-javahl-1.6.11-7.el5_6.4.ppc.rpm subversion-perl-1.6.11-7.el5_6.4.ppc.rpm subversion-ruby-1.6.11-7.el5_6.4.ppc.rpm
s390x: mod_dav_svn-1.6.11-7.el5_6.4.s390x.rpm subversion-1.6.11-7.el5_6.4.s390.rpm subversion-1.6.11-7.el5_6.4.s390x.rpm subversion-debuginfo-1.6.11-7.el5_6.4.s390.rpm subversion-debuginfo-1.6.11-7.el5_6.4.s390x.rpm subversion-devel-1.6.11-7.el5_6.4.s390.rpm subversion-devel-1.6.11-7.el5_6.4.s390x.rpm subversion-javahl-1.6.11-7.el5_6.4.s390x.rpm subversion-perl-1.6.11-7.el5_6.4.s390x.rpm subversion-ruby-1.6.11-7.el5_6.4.s390x.rpm
x86_64: mod_dav_svn-1.6.11-7.el5_6.4.x86_64.rpm subversion-1.6.11-7.el5_6.4.i386.rpm subversion-1.6.11-7.el5_6.4.x86_64.rpm subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm subversion-debuginfo-1.6.11-7.el5_6.4.x86_64.rpm subversion-devel-1.6.11-7.el5_6.4.i386.rpm subversion-devel-1.6.11-7.el5_6.4.x86_64.rpm subversion-javahl-1.6.11-7.el5_6.4.x86_64.rpm subversion-perl-1.6.11-7.el5_6.4.x86_64.rpm subversion-ruby-1.6.11-7.el5_6.4.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm
i386: mod_dav_svn-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm
noarch: subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm
x86_64: mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm
noarch: subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm
x86_64: mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm
i386: mod_dav_svn-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm
ppc64: mod_dav_svn-1.6.11-2.el6_1.4.ppc64.rpm subversion-1.6.11-2.el6_1.4.ppc.rpm subversion-1.6.11-2.el6_1.4.ppc64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.ppc.rpm subversion-debuginfo-1.6.11-2.el6_1.4.ppc64.rpm
s390x: mod_dav_svn-1.6.11-2.el6_1.4.s390x.rpm subversion-1.6.11-2.el6_1.4.s390.rpm subversion-1.6.11-2.el6_1.4.s390x.rpm subversion-debuginfo-1.6.11-2.el6_1.4.s390.rpm subversion-debuginfo-1.6.11-2.el6_1.4.s390x.rpm
x86_64: mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm
i386: subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm
noarch: subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm
ppc64: subversion-debuginfo-1.6.11-2.el6_1.4.ppc.rpm subversion-debuginfo-1.6.11-2.el6_1.4.ppc64.rpm subversion-devel-1.6.11-2.el6_1.4.ppc.rpm subversion-devel-1.6.11-2.el6_1.4.ppc64.rpm subversion-gnome-1.6.11-2.el6_1.4.ppc.rpm subversion-gnome-1.6.11-2.el6_1.4.ppc64.rpm subversion-javahl-1.6.11-2.el6_1.4.ppc.rpm subversion-javahl-1.6.11-2.el6_1.4.ppc64.rpm subversion-kde-1.6.11-2.el6_1.4.ppc.rpm subversion-kde-1.6.11-2.el6_1.4.ppc64.rpm subversion-perl-1.6.11-2.el6_1.4.ppc.rpm subversion-perl-1.6.11-2.el6_1.4.ppc64.rpm subversion-ruby-1.6.11-2.el6_1.4.ppc.rpm subversion-ruby-1.6.11-2.el6_1.4.ppc64.rpm
s390x: subversion-debuginfo-1.6.11-2.el6_1.4.s390.rpm subversion-debuginfo-1.6.11-2.el6_1.4.s390x.rpm subversion-devel-1.6.11-2.el6_1.4.s390.rpm subversion-devel-1.6.11-2.el6_1.4.s390x.rpm subversion-gnome-1.6.11-2.el6_1.4.s390.rpm subversion-gnome-1.6.11-2.el6_1.4.s390x.rpm subversion-javahl-1.6.11-2.el6_1.4.s390.rpm subversion-javahl-1.6.11-2.el6_1.4.s390x.rpm subversion-kde-1.6.11-2.el6_1.4.s390.rpm subversion-kde-1.6.11-2.el6_1.4.s390x.rpm subversion-perl-1.6.11-2.el6_1.4.s390.rpm subversion-perl-1.6.11-2.el6_1.4.s390x.rpm subversion-ruby-1.6.11-2.el6_1.4.s390.rpm subversion-ruby-1.6.11-2.el6_1.4.s390x.rpm
x86_64: subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm
i386: mod_dav_svn-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm
x86_64: mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm
i386: subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm
noarch: subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm
x86_64: subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-1752.html https://www.redhat.com/security/data/cve/CVE-2011-1783.html https://www.redhat.com/security/data/cve/CVE-2011-1921.html https://access.redhat.com/security/updates/classification/#moderate http://subversion.apache.org/security/CVE-2011-1783-advisory.txt http://subversion.apache.org/security/CVE-2011-1752-advisory.txt http://subversion.apache.org/security/CVE-2011-1921-advisory.txt
- Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFN75utXlSAg2UNWIIRAuXgAJ9fhhY1xxC7jRZbLGZA6ENr3dnTBQCgkdf0 J9nA8MJRlM/XVtyj3mbVErg= =jujC -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2011-1752
The mod_dav_svn Apache HTTPD server module can be crashed though
when asked to deliver baselined WebDAV resources.
For the oldstable distribution (lenny), this problem has been fixed in version 1.5.1dfsg1-7.
For the stable distribution (squeeze), this problem has been fixed in version 1.6.12dfsg-6.
For the unstable distribution (sid), this problem has been fixed in version 1.6.17dfsg-1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201106-0192",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "lt",
"trust": 1.8,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.10"
},
{
"model": "subversion",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.0"
},
{
"model": "subversion",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.7.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "11.04"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "14"
},
{
"model": "subversion",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "15"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.6.z (server)"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux long life",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5.6 server)"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.1.z"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.6"
},
{
"model": "http server",
"scope": null,
"trust": 0.6,
"vendor": "apache",
"version": null
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.4"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.10.2"
},
{
"model": "software foundation subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.17.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.24"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.9"
},
{
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "software foundation subversion m3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.15"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.28.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.1"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "hat enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.9"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.0"
},
{
"model": "hat enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.37"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.22.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.35.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.12"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.10.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.6"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.33.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux enterprise sdk sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20110"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.23"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.36"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.13.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.32.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.21"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.24.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.22"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.11.1"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.18.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.5"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.4"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.6"
},
{
"model": "hat enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.10.1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.4"
},
{
"model": "software foundation subversion m4/m5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.9"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.29"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.3"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.34"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.13.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.4"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.1"
},
{
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.6"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.5"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.15"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.18"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.19.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.16"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.4"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.26"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "software foundation subversion m1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.13"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.6"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.7"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.19"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "linux enterprise sdk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.33"
},
{
"model": "software foundation subversion m2",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.20"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.16.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.30"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.25"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.28.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.28"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.35"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.16"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.12"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.13"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.27"
},
{
"model": "hat enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.20.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.17"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.31"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.22.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.4"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.3"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.24.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.5"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "48091"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.8",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.6.17",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.7.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\u0026lt;br\u0026gt;Joe Schaefer of Apache Software Foundation, Ivan Zhakov of VisualSVN, and Kamesh Jayachandran of CollabNet.",
"sources": [
{
"db": "BID",
"id": "48091"
}
],
"trust": 0.3
},
"cve": "CVE-2011-1783",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-1783",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-49728",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-1783",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201106-022",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-49728",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49728"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. Apache Subversion is prone to multiple vulnerabilities, including two denial-of-service issues and an information-disclosure issue. \nAttackers can exploit these issues to crash the application, exhaust all memory resources, or obtain potentially sensitive information. \nVersions prior to Subversion 1.6.17 are vulnerable. The server is fast, reliable and extensible through a simple API. \n \n The mod_dav_svn Apache HTTPD server module may in certain cenarios\n enter a logic loop which does not exit and which allocates emory in\n each iteration, ultimately exhausting all the available emory on the\n server which can lead to a DoS (Denial Of Service) (CVE-2011-1783). \n \n The mod_dav_svn Apache HTTPD server module may leak to remote users\n the file contents of files configured to be unreadable by those users\n (CVE-2011-1921). \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFN6cg2mqjQ0CJFipgRAqj2AKCRyKt813e0OmWSTU5bL58KCmUwowCfT6RY\nDDOtowgSctAg4EX+tLXIvRQ=\n=zsmM\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001\n\nOS X Lion v10.7.3 and Security Update 2012-001 is now available and\naddresses the following:\n\nAddress Book\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: An attacker in a privileged network position may intercept\nCardDAV data\nDescription: Address Book supports Secure Sockets Layer (SSL) for\naccessing CardDAV. A downgrade issue caused Address Book to attempt\nan unencrypted connection if an encrypted connection failed. An\nattacker in a privileged network position could abuse this behavior\nto intercept CardDAV data. This issue is addressed by not downgrading\nto an unencrypted connection without user approval. \nCVE-ID\nCVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation\n\nApache\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in Apache\nDescription: Apache is updated to version 2.2.21 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. Further information is available via the Apache web site at\nhttp://httpd.apache.org/\nCVE-ID\nCVE-2011-3348\n\nApache\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nApache disabled the \u0027empty fragment\u0027 countermeasure which prevented\nthese attacks. This issue is addressed by providing a configuration\nparameter to control the countermeasure and enabling it by default. \nCVE-ID\nCVE-2011-3389\n\nCFNetwork\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in CFNetwork\u0027s handling of malformed\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\nthe request to an incorrect origin server. This issue does not affect\nsystems prior to OS X Lion. \nCVE-ID\nCVE-2011-3246 : Erling Ellingsen of Facebook\n\nCFNetwork\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in CFNetwork\u0027s handling of malformed\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\nunexpected request headers. This issue does not affect systems prior\nto OS X Lion. \nCVE-ID\nCVE-2011-3447 : Erling Ellingsen of Facebook\n\nColorSync\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted image with an embedded\nColorSync profile may lead to an unexpected application termination\nor arbitrary code execution\nDescription: An integer overflow existed in the handling of images\nwith an embedded ColorSync profile, which may lead to a heap buffer\noverflow. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-0200 : binaryproof working with TippingPoint\u0027s Zero Day\nInitiative\n\nCoreAudio\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Playing maliciously crafted audio content may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of AAC\nencoded audio streams. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-3252 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nCoreMedia\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in CoreMedia\u0027s handling\nof H.264 encoded movie files. \nCVE-ID\nCVE-2011-3448 : Scott Stender of iSEC Partners\n\nCoreText\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to an unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue existed in the handling of font\nfiles. \nCVE-ID\nCVE-2011-3449 : Will Dormann of the CERT/CC\n\nCoreUI\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a malicious website may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: An unbounded stack allocation issue existed in the\nhandling of long URLs. This issue does not affect systems prior to OS\nX Lion. \nCVE-ID\nCVE-2011-3450 : Ben Syverson\n\ncurl\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: A remote server may be able to impersonate clients via\nGSSAPI requests\nDescription: When doing GSSAPI authentication, libcurl\nunconditionally performs credential delegation. This issue is\naddressed by disabling GSSAPI credential delegation. \nCVE-ID\nCVE-2011-2192\n\nData Security\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: Two certificate authorities in the list of trusted root\ncertificates have independently issued intermediate certificates to\nDigiCert Malaysia. DigiCert Malaysia has issued certificates with\nweak keys that it is unable to revoke. An attacker with a privileged\nnetwork position could intercept user credentials or other sensitive\ninformation intended for a site with a certificate issued by DigiCert\nMalaysia. This issue is addressed by configuring default system trust\nsettings so that DigiCert Malaysia\u0027s certificates are not trusted. We\nwould like to acknowledge Bruce Morton of Entrust, Inc. for reporting\nthis issue. \n\ndovecot\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nDovecot disabled the \u0027empty fragment\u0027 countermeasure which prevented\nthese attacks. This issue is addressed by enabling the\ncountermeasure. \nCVE-ID\nCVE-2011-3389 : Apple\n\nfilecmds\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Decompressing a maliciously crafted compressed file may lead\nto an unexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the \u0027uncompress\u0027 command\nline tool. \nCVE-ID\nCVE-2011-2895\n\nImageIO\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted TIFF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in ImageIO\u0027s handling of\nCCITT Group 4 encoded TIFF files. This issue does not affect OS X\nLion systems. \nCVE-ID\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\n\nImageIO\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted TIFF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in libtiff\u0027s handling of\nThunderScan encoded TIFF images. This issue is address by updating\nlibtiff to version 3.9.5. \nCVE-ID\nCVE-2011-1167\n\nImageIO\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in libpng 1.5.4\nDescription: libpng is updated to version 1.5.5 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-3328\n\nInternet Sharing\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: A Wi-Fi network created by Internet Sharing may lose\nsecurity settings after a system update\nDescription: After updating to a version of OS X Lion prior to\n10.7.3, the Wi-Fi configuration used by Internet Sharing may revert\nto factory defaults, which disables the WEP password. This issue only\naffects systems with Internet Sharing enabled and sharing the\nconnection to Wi-Fi. This issue is addressed by preserving the Wi-Fi\nconfiguration during a system update. \nCVE-ID\nCVE-2011-3452 : an anonymous researcher\n\nLibinfo\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in Libinfo\u0027s handling of hostname\nlookup requests. Libinfo could return incorrect results for a\nmaliciously crafted hostname. This issue does not affect systems\nprior to OS X Lion. \nCVE-ID\nCVE-2011-3441 : Erling Ellingsen of Facebook\n\nlibresolv\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Applications that use OS X\u0027s libresolv library may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: An integer overflow existed in the parsing of DNS\nresource records, which may lead to heap memory corruption. \nCVE-ID\nCVE-2011-3453 : Ilja van Sprundel of IOActive\n\nlibsecurity\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Some EV certificates may be trusted even if the\ncorresponding root has been marked as untrusted\nDescription: The certificate code trusted a root certificate to sign\nEV certificates if it was on the list of known EV issuers, even if\nthe user had marked it as \u0027Never Trust\u0027 in Keychain. The root would\nnot be trusted to sign non-EV certificates. \nCVE-ID\nCVE-2011-3422 : Alastair Houghton\n\nOpenGL\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Applications that use OS X\u0027s OpenGL implementation may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues existed in the\nhandling of GLSL compilation. \nCVE-ID\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\nMarc Schoenefeld of the Red Hat Security Response Team\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in PHP 5.3.6\nDescription: PHP is updated to version 5.3.8 to address several\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the PHP web site at\nhttp://www.php.net\nCVE-ID\nCVE-2011-1148\nCVE-2011-1657\nCVE-2011-1938\nCVE-2011-2202\nCVE-2011-2483\nCVE-2011-3182\nCVE-2011-3189\nCVE-2011-3267\nCVE-2011-3268\n\nPHP\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in FreeType\u0027s\nhandling of Type 1 fonts. This issue is addressed by updating\nFreeType to version 2.4.7. Further information is available via the\nFreeType site at http://www.freetype.org/\nCVE-ID\nCVE-2011-3256 : Apple\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in libpng 1.5.4\nDescription: libpng is updated to version 1.5.5 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-3328\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Opening a maliciously crafted MP4 encoded file may lead to\nan unexpected application termination or arbitrary code execution\nDescription: An uninitialized memory access issue existed in the\nhandling of MP4 encoded files. \nCVE-ID\nCVE-2011-3458 : Luigi Auriemma and pa_kt both working with\nTippingPoint\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in the handling of font\ntables embedded in QuickTime movie files. \nCVE-ID\nCVE-2011-3248 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An off by one buffer overflow existed in the handling\nof rdrf atoms in QuickTime movie files. \nCVE-ID\nCVE-2011-3459 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted JPEG2000 image file may lead\nto an unexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JPEG2000\nfiles. \nCVE-ID\nCVE-2011-3250 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Processing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of PNG files. \nCVE-ID\nCVE-2011-3460 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of FLC\nencoded movie files\nCVE-ID\nCVE-2011-3249 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nSquirrelMail\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in SquirrelMail\nDescription: SquirrelMail is updated to version 1.4.22 to address\nseveral vulnerabilities, the most serious of which is a cross-site\nscripting issue. This issue does not affect OS X Lion systems. \nFurther information is available via the SquirrelMail web site at\nhttp://www.SquirrelMail.org/\nCVE-ID\nCVE-2010-1637\nCVE-2010-2813\nCVE-2010-4554\nCVE-2010-4555\nCVE-2011-2023\n\nSubversion\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Accessing a Subversion repository may lead to the disclosure\nof sensitive information\nDescription: Subversion is updated to version 1.6.17 to address\nmultiple vulnerabilities, the most serious of which may lead to the\ndisclosure of sensitive information. Further information is available\nvia the Subversion web site at http://subversion.tigris.org/\nCVE-ID\nCVE-2011-1752\nCVE-2011-1783\nCVE-2011-1921\n\nTime Machine\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: A remote attacker may access new backups created by the\nuser\u0027s system\nDescription: The user may designate a remote AFP volume or Time\nCapsule to be used for Time Machine backups. Time Machine did not\nverify that the same device was being used for subsequent backup\noperations. An attacker who is able to spoof the remote volume could\ngain access to new backups created by the user\u0027s system. This issue\nis addressed by verifying the unique identifier associated with a\ndisk for backup operations. \nCVE-ID\nCVE-2011-3462 : Michael Roitzsch of the Technische Universitat\nDresden\n\nTomcat\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in Tomcat 6.0.32\nDescription: Tomcat is updated to version 6.0.33 to address multiple\nvulnerabilities, the most serious of which may lead to the disclosure\nof sensitive information. Tomcat is only provided on Mac OS X Server\nsystems. This issue does not affect OS X Lion systems. Further\ninformation is available via the Tomcat site at\nhttp://tomcat.apache.org/\nCVE-ID\nCVE-2011-2204\n\nWebDAV Sharing\nAvailable for: OS X Lion Server v10.7 to v10.7.2\nImpact: Local users may obtain system privileges\nDescription: An issue existed in WebDAV Sharing\u0027s handling of user\nauthentication. A user with a valid account on the server or one of\nits bound directories could cause the execution of arbitrary code\nwith system privileges. This issue does not affect systems prior to\nOS X Lion. \nCVE-ID\nCVE-2011-3463 : Gordon Davisson of Crywolf\n\nWebmail\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted e-mail message may lead to the\ndisclosure of message content\nDescription: A cross-site scripting vulnerability existed in the\nhandling of mail messages. This issue is addressed by updating\nRoundcube Webmail to version 0.6. This issue does not affect systems\nprior to OS X Lion. Further information is available via the\nRoundcube site at http://trac.roundcube.net/\nCVE-ID\nCVE-2011-2937\n\nX11\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in FreeType\u0027s\nhandling of Type 1 fonts. This issue is addressed by updating\nFreeType to version 2.4.7. Further information is available via the\nFreeType site at http://www.freetype.org/\nCVE-ID\nCVE-2011-3256 : Apple\n\nOS X Lion v10.7.3 and Security Update 2012-001 may be obtained from\nthe Software Update pane in System Preferences, or Apple\u0027s Software\nDownloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nSecurity Update 2021-001 or OS X v10.7.3. \n\nFor OS X Lion v10.7.2\nThe download file is named: MacOSXUpd10.7.3.dmg\nIts SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c\n\nFor OS X Lion v10.7 and v10.7.1\nThe download file is named: MacOSXUpdCombo10.7.3.dmg\nIts SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c\n\nFor OS X Lion Server v10.7.2\nThe download file is named: MacOSXServerUpd10.7.3.dmg\nIts SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d\n\nFor OS X Lion Server v10.7 and v10.7.1\nThe download file is named: MacOSXServerUpdCombo10.7.3.dmg\nIts SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2012-001Snow.dmg\nIts SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2012-001.dmg\nIts SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V\nP6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp\nRrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy\n9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf\nMnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E\npvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo=\n=c1eU\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nApache Subversion mod_dav_svn Two Denial of Service Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44681\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44681/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44681\n\nRELEASE DATE:\n2011-06-02\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44681/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44681/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44681\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Apache Subversion, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Reported by the vendor\n2) The vendor credits Ivan Zhakov, VisualSVN. \n\nORIGINAL ADVISORY:\nhttp://subversion.apache.org/security/CVE-2011-1752-advisory.txt\nhttp://subversion.apache.org/security/CVE-2011-1783-advisory.txt\nhttp://subversion.apache.org/security/CVE-2011-1921-advisory.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201309-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Subversion: Multiple vulnerabilities\n Date: September 23, 2013\n Bugs: #350166, #356741, #369065, #463728, #463860, #472202, #482166\n ID: 201309-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Subversion, allowing\nattackers to cause a Denial of Service, escalate privileges, or obtain\nsensitive information. \n\nBackground\n==========\n\nSubversion is a versioning system designed to be a replacement for CVS. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-vcs/subversion \u003c 1.7.13 \u003e= 1.7.13\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Subversion. Please\nreview the CVE identifiers referenced below for details. A local attacker could escalate his privileges\nto the user running svnserve. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Subversion users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/subversion-1.7.13\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-4539\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4539\n[ 2 ] CVE-2010-4644\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4644\n[ 3 ] CVE-2011-0715\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0715\n[ 4 ] CVE-2011-1752\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1752\n[ 5 ] CVE-2011-1783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1783\n[ 6 ] CVE-2011-1921\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1921\n[ 7 ] CVE-2013-1845\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1845\n[ 8 ] CVE-2013-1846\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1846\n[ 9 ] CVE-2013-1847\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1847\n[ 10 ] CVE-2013-1849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1849\n[ 11 ] CVE-2013-1884\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1884\n[ 12 ] CVE-2013-1968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1968\n[ 13 ] CVE-2013-2088\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2088\n[ 14 ] CVE-2013-2112\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2112\n[ 15 ] CVE-2013-4131\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4131\n[ 16 ] CVE-2013-4277\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4277\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201309-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: subversion security update\nAdvisory ID: RHSA-2011:0862-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-0862.html\nIssue date: 2011-06-08\nCVE Names: CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 \n=====================================================================\n\n1. Summary:\n\nUpdated subversion packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\n\n3. Description:\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. The\nmod_dav_svn module is used with the Apache HTTP Server to allow access to\nSubversion repositories via HTTP. \n\nAn infinite loop flaw was found in the way the mod_dav_svn module processed\ncertain data sets. If the SVNPathAuthz directive was set to\n\"short_circuit\", and path-based access control for files and directories\nwas enabled, a malicious, remote user could use this flaw to cause the\nhttpd process serving the request to consume an excessive amount of system\nmemory. (CVE-2011-1783)\n\nA NULL pointer dereference flaw was found in the way the mod_dav_svn module\nprocessed requests submitted against the URL of a baselined resource. A\nmalicious, remote user could use this flaw to cause the httpd process\nserving the request to crash. (CVE-2011-1752)\n\nAn information disclosure flaw was found in the way the mod_dav_svn\nmodule processed certain URLs when path-based access control for files and\ndirectories was enabled. A malicious, remote user could possibly use this\nflaw to access certain files in a repository that would otherwise not be\naccessible to them. Note: This vulnerability cannot be triggered if the\nSVNPathAuthz directive is set to \"short_circuit\". Upstream acknowledges Joe Schaefer of the Apache Software\nFoundation as the original reporter of CVE-2011-1752; Ivan Zhakov of\nVisualSVN as the original reporter of CVE-2011-1783; and Kamesh\nJayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921. \n\nAll Subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, you must restart the httpd daemon, if you are using\nmod_dav_svn, for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n709111 - CVE-2011-1752 subversion (mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources\n709112 - CVE-2011-1783 subversion (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control\n709114 - CVE-2011-1921 subversion (mod_dav_svn): File contents disclosure of files configured to be unreadable by those users\n\n6. Package List:\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/subversion-1.6.11-7.el5_6.4.src.rpm\n\ni386:\nmod_dav_svn-1.6.11-7.el5_6.4.i386.rpm\nsubversion-1.6.11-7.el5_6.4.i386.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm\nsubversion-devel-1.6.11-7.el5_6.4.i386.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.i386.rpm\nsubversion-perl-1.6.11-7.el5_6.4.i386.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.i386.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-1.6.11-7.el5_6.4.i386.rpm\nsubversion-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-devel-1.6.11-7.el5_6.4.i386.rpm\nsubversion-devel-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-perl-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/subversion-1.6.11-7.el5_6.4.src.rpm\n\ni386:\nmod_dav_svn-1.6.11-7.el5_6.4.i386.rpm\nsubversion-1.6.11-7.el5_6.4.i386.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm\nsubversion-devel-1.6.11-7.el5_6.4.i386.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.i386.rpm\nsubversion-perl-1.6.11-7.el5_6.4.i386.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.i386.rpm\n\nia64:\nmod_dav_svn-1.6.11-7.el5_6.4.ia64.rpm\nsubversion-1.6.11-7.el5_6.4.ia64.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.ia64.rpm\nsubversion-devel-1.6.11-7.el5_6.4.ia64.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.ia64.rpm\nsubversion-perl-1.6.11-7.el5_6.4.ia64.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.ia64.rpm\n\nppc:\nmod_dav_svn-1.6.11-7.el5_6.4.ppc.rpm\nsubversion-1.6.11-7.el5_6.4.ppc.rpm\nsubversion-1.6.11-7.el5_6.4.ppc64.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.ppc.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.ppc64.rpm\nsubversion-devel-1.6.11-7.el5_6.4.ppc.rpm\nsubversion-devel-1.6.11-7.el5_6.4.ppc64.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.ppc.rpm\nsubversion-perl-1.6.11-7.el5_6.4.ppc.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.ppc.rpm\n\ns390x:\nmod_dav_svn-1.6.11-7.el5_6.4.s390x.rpm\nsubversion-1.6.11-7.el5_6.4.s390.rpm\nsubversion-1.6.11-7.el5_6.4.s390x.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.s390.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.s390x.rpm\nsubversion-devel-1.6.11-7.el5_6.4.s390.rpm\nsubversion-devel-1.6.11-7.el5_6.4.s390x.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.s390x.rpm\nsubversion-perl-1.6.11-7.el5_6.4.s390x.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.s390x.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-1.6.11-7.el5_6.4.i386.rpm\nsubversion-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-devel-1.6.11-7.el5_6.4.i386.rpm\nsubversion-devel-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-perl-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm\n\ni386:\nmod_dav_svn-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\n\nnoarch:\nsubversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm\n\nnoarch:\nsubversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm\n\ni386:\nmod_dav_svn-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\n\nppc64:\nmod_dav_svn-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.ppc64.rpm\n\ns390x:\nmod_dav_svn-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-1.6.11-2.el6_1.4.s390.rpm\nsubversion-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.s390.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.s390x.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm\n\ni386:\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\n\nnoarch:\nsubversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm\n\nppc64:\nsubversion-debuginfo-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-devel-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-devel-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-kde-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-kde-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-perl-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-perl-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.ppc64.rpm\n\ns390x:\nsubversion-debuginfo-1.6.11-2.el6_1.4.s390.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-devel-1.6.11-2.el6_1.4.s390.rpm\nsubversion-devel-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.s390.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.s390.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-kde-1.6.11-2.el6_1.4.s390.rpm\nsubversion-kde-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-perl-1.6.11-2.el6_1.4.s390.rpm\nsubversion-perl-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.s390.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.s390x.rpm\n\nx86_64:\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm\n\ni386:\nmod_dav_svn-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm\n\ni386:\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\n\nnoarch:\nsubversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm\n\nx86_64:\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-1752.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-1783.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-1921.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttp://subversion.apache.org/security/CVE-2011-1783-advisory.txt\nhttp://subversion.apache.org/security/CVE-2011-1752-advisory.txt\nhttp://subversion.apache.org/security/CVE-2011-1921-advisory.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u0026lt;secalert@redhat.com\u0026gt;. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFN75utXlSAg2UNWIIRAuXgAJ9fhhY1xxC7jRZbLGZA6ENr3dnTBQCgkdf0\nJ9nA8MJRlM/XVtyj3mbVErg=\n=jujC\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2011-1752\n\n The mod_dav_svn Apache HTTPD server module can be crashed though\n when asked to deliver baselined WebDAV resources. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.5.1dfsg1-7. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.12dfsg-6. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.17dfsg-1",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1783"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "BID",
"id": "48091"
},
{
"db": "VULHUB",
"id": "VHN-49728"
},
{
"db": "PACKETSTORM",
"id": "102004"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "101937"
},
{
"db": "PACKETSTORM",
"id": "123358"
},
{
"db": "PACKETSTORM",
"id": "102118"
},
{
"db": "PACKETSTORM",
"id": "101948"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-1783",
"trust": 3.4
},
{
"db": "BID",
"id": "48091",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "44681",
"trust": 2.7
},
{
"db": "SECTRACK",
"id": "1025618",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "44633",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44849",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44888",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "45162",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-49728",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102004",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109373",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101937",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123358",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102118",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101948",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49728"
},
{
"db": "BID",
"id": "48091"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "PACKETSTORM",
"id": "102004"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "101937"
},
{
"db": "PACKETSTORM",
"id": "123358"
},
{
"db": "PACKETSTORM",
"id": "102118"
},
{
"db": "PACKETSTORM",
"id": "101948"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"id": "VAR-201106-0192",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-49728"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:13:11.130000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "subversion-1.6.11-7.AXS3.4",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1454"
},
{
"title": "RHSA-2011:0862",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0862.html"
},
{
"title": "CVE-2011-1783-advisory",
"trust": 0.8,
"url": "http://subversion.apache.org/security/cve-2011-1783-advisory.txt"
},
{
"title": "Subversion 1.6.17 Released",
"trust": 0.8,
"url": "http://svn.haxx.se/dev/archive-2011-06/0030.shtml"
},
{
"title": "Apache Subversion mod_dav_svn Repair measures for infinite loop loopholes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129503"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49728"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://secunia.com/advisories/44681"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/48091"
},
{
"trust": 2.2,
"url": "http://subversion.apache.org/security/cve-2011-1783-advisory.txt"
},
{
"trust": 1.8,
"url": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/changes"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1025618"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44633"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44849"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44888"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/45162"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2011/dsa-2251"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-july/062211.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-june/061913.html"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:106"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0862.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-1144-1"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht5130"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709112"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18889"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1783"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1783"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id/1025618"
},
{
"trust": 0.5,
"url": "http://subversion.apache.org/security/cve-2011-1752-advisory.txt"
},
{
"trust": 0.5,
"url": "http://subversion.apache.org/security/cve-2011-1921-advisory.txt"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1752"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1783"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1921"
},
{
"trust": 0.3,
"url": "http://subversion.apache.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100141174"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1921"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1752"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.1,
"url": "http://www.php.net"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1148"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3182"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3249"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0200"
},
{
"trust": 0.1,
"url": "http://trac.roundcube.net/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3256"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2202"
},
{
"trust": 0.1,
"url": "http://www.freetype.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2895"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0241"
},
{
"trust": 0.1,
"url": "http://www.squirrelmail.org/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1938"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.1,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1657"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3246"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2937"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1637"
},
{
"trust": 0.1,
"url": "http://subversion.tigris.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3189"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://conference.first.org/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44681"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44681/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44681/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1849"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1846"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4277"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2088"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4539"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1849"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0715"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4644"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4131"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1847"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1845"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1884"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1921"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4644"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201309-11.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4131"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4277"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1783"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-1752.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-1783.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0862.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-1921.html"
},
{
"trust": 0.1,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49728"
},
{
"db": "BID",
"id": "48091"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "PACKETSTORM",
"id": "102004"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "101937"
},
{
"db": "PACKETSTORM",
"id": "123358"
},
{
"db": "PACKETSTORM",
"id": "102118"
},
{
"db": "PACKETSTORM",
"id": "101948"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-49728"
},
{
"db": "BID",
"id": "48091"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "PACKETSTORM",
"id": "102004"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "101937"
},
{
"db": "PACKETSTORM",
"id": "123358"
},
{
"db": "PACKETSTORM",
"id": "102118"
},
{
"db": "PACKETSTORM",
"id": "101948"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-06T00:00:00",
"db": "VULHUB",
"id": "VHN-49728"
},
{
"date": "2011-06-02T00:00:00",
"db": "BID",
"id": "48091"
},
{
"date": "2011-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"date": "2011-06-04T16:01:34",
"db": "PACKETSTORM",
"id": "102004"
},
{
"date": "2012-02-03T00:24:52",
"db": "PACKETSTORM",
"id": "109373"
},
{
"date": "2011-06-02T05:38:07",
"db": "PACKETSTORM",
"id": "101937"
},
{
"date": "2013-09-23T22:22:00",
"db": "PACKETSTORM",
"id": "123358"
},
{
"date": "2011-06-09T15:11:39",
"db": "PACKETSTORM",
"id": "102118"
},
{
"date": "2010-06-02T12:12:00",
"db": "PACKETSTORM",
"id": "101948"
},
{
"date": "2011-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"date": "2011-06-06T19:55:01.940000",
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-49728"
},
{
"date": "2015-05-07T17:04:00",
"db": "BID",
"id": "48091"
},
{
"date": "2011-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"date": "2020-10-05T19:05:44.950000",
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "102004"
},
{
"db": "PACKETSTORM",
"id": "102118"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion Used in Apache HTTP Server Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
}
],
"trust": 0.6
}
}
VAR-201504-0064
Vulnerability from variot - Updated: 2024-07-23 19:54The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. Apache Subversion is prone to multiple denial-of-service vulnerabilities. An attacker may exploit these issues to crash the affected application, resulting in a denial-of-service condition. The system is compatible with the Concurrent Versions System (CVS). A security vulnerability exists in the mod_dav_svn and svnserve servers of Subversion versions 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11.
For the stable distribution (wheezy), these problems have been fixed in version 1.6.17dfsg-4+deb7u9.
For the upcoming stable distribution (jessie), these problems have been fixed in version 1.8.10-6.
For the unstable distribution (sid), these problems have been fixed in version 1.8.10-6. ============================================================================ Ubuntu Security Notice USN-2721-1 August 20, 2015
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description: - subversion: Advanced version control system
Details:
It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580)
It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108)
Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)
Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. (CVE-2015-0248)
Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. (CVE-2015-0251)
C. A remote attacker could use this issue to read hidden files via the path name. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)
C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. A remote attacker could use this issue to obtain sensitive path information. (CVE-2015-3187)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: libapache2-svn 1.8.10-5ubuntu1.1 libsvn1 1.8.10-5ubuntu1.1 subversion 1.8.10-5ubuntu1.1
Ubuntu 14.04 LTS: libapache2-svn 1.8.8-1ubuntu3.2 libsvn1 1.8.8-1ubuntu3.2 subversion 1.8.8-1ubuntu3.2
Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.5 libsvn1 1.6.17dfsg-3ubuntu3.5 subversion 1.6.17dfsg-3ubuntu3.5
In general, a standard system update will make all the necessary changes.
The updated packages have been upgraded to the 1.7.20 and 1.8.13 versions where these security flaws has been fixed. The verification of md5 checksums and GPG signatures is performed automatically for you.
Gentoo Linux Security Advisory GLSA 201610-05
https://security.gentoo.org/
Severity: Normal Title: Subversion, Serf: Multiple Vulnerabilities Date: October 11, 2016 Bugs: #500482, #518716, #519202, #545348, #556076, #567810, #581448, #586046 ID: 201610-05
Synopsis
Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code.
Background
Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS's :ext: method). In addition to supporting the features found in CVS, Subversion also provides support for moving and copying files and directories.
The serf library is a high performance C-based HTTP client library built upon the Apache Portable Runtime (APR) library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/subversion < 1.9.4 >= 1.9.4 *> 1.8.16 2 net-libs/serf < 1.3.7 >= 1.3.7 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition.
Workaround
There is no known workaround at this time.
Resolution
All Subversion users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4"
All Serf users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7"
References
[ 1 ] CVE-2014-0032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032 [ 2 ] CVE-2014-3504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504 [ 3 ] CVE-2014-3522 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522 [ 4 ] CVE-2014-3528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528 [ 5 ] CVE-2015-0202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202 [ 6 ] CVE-2015-0248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248 [ 7 ] CVE-2015-0251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251 [ 8 ] CVE-2015-3184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184 [ 9 ] CVE-2015-3187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187 [ 10 ] CVE-2015-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259 [ 11 ] CVE-2016-2167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167 [ 12 ] CVE-2016-2168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-05
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-09-16-2 Xcode 7.0
Xcode 7.0 is now available and addresses the following:
DevTools Available for: OS X Yosemite v10.10.4 or later Impact: An attacker may be able to bypass access restrictions Description: An API issue existed in the apache configuration. CVE-ID CVE-2015-3185 : Branko Aibej of the Apache Software Foundation
IDE Xcode Server Available for: OS X Yosemite 10.10 or later Impact: An attacker may be able to access restricted parts of the filesystem Description: A comparison issue existed in the node.js send module prior to version 0.8.4. This issue was addressed by upgrading to version 0.12.3. CVE-ID CVE-2014-6394 : Ilya Kantor
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilties in OpenSSL Description: Multiple vulnerabilties existed in the node.js OpenSSL module prior to version 1.0.1j. These issues were addressed by updating openssl to version 1.0.1j. CVE-ID CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: An attacker with a privileged network position may be able to inspect traffic to Xcode Server Description: Connections to Xcode Server may have been made without encryption. This issue was addressed through improved network connection logic. CVE-ID CVE-2015-5910 : an anonymous researcher
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Build notifications may be sent to unintended recipients Description: An access issue existed in the handling of repository email lists. This issue was addressed through improved validation. CVE-ID CVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of Anchorfree
subversion Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities existed in svn versions prior to 1.7.19 Description: Multiple vulnerabilities existed in svn versions prior to 1.7.19. These issues were addressed by updating svn to version 1.7.20. CVE-ID CVE-2015-0248 CVE-2015-0251
Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "7.0".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJV+axlAAoJEBcWfLTuOo7tzuMQAJhCQaeClT0rDozh+WlKgM6f X86xFeXLJ1gjlPKH183Bvm2gTW0m5kQuoNK1grarMB+rEeb8mPsOczwrIJisxVlr 5zkW/7JktHcsBU5vUa4j4T/CEJjp92VPZ4ub3k3eQOrhinn4E86uKcMxrYoQOAE0 YFMSDaPBFy+LIJ08ROB/AH8fkGJMLRCRAp43IGgzNuxCDx9jzW97m1dh86mR1CxP GdhWRvN7T5YqXyJTw6pZbEHtVXjty8appe2ScvHByCRxa4gZq+/JinHInLjaB4p7 3o58rAWh7lDhcEi3HqkIu0YW6fLslPydCHTI4cH1PCHTuevNjjvK34IqMbD0jG/t tO+vQFhwXpD5chsSB2oP2zLOWAJ7BA5uwvArkJhGKKzQ5DEI0soLBWG7Koe3RitO HokIMyx0r+sf4YD+OP4RVPU9bU4FpayXZnECmHzWmK2vguihbIzjxq+Knvx7aiF9 js1Qn0DxT2puVYdhixtkvYKT7r8XRjI8MPLEwS+tX1Yg1Lqhz2G1MR6mO9iBW56L g5deOuCVc56qeaobuUK0clvdFYtyd5jIXgh0zspZ4ssCbbdCOTZUQaG1mBGkIf3R JgWTX8ny1Fdk9om3dmZVWUCzzqxJR/tm5M7kjGc425ZGaoBRWLga1VIjNz7MEfKS YMBNmqt6weEewNqyDMnX =SGgX -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:1742-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1742.html Issue date: 2015-09-08 CVE Names: CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 CVE-2015-3187 =====================================================================
- Summary:
Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248)
It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. (CVE-2015-3184)
It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251)
It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187)
Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3184 and CVE-2015-3187 flaws.
All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.i686.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.i686.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
ppc64: mod_dav_svn-1.7.14-7.el7_1.1.ppc64.rpm subversion-1.7.14-7.el7_1.1.ppc64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm subversion-libs-1.7.14-7.el7_1.1.ppc.rpm subversion-libs-1.7.14-7.el7_1.1.ppc64.rpm
s390x: mod_dav_svn-1.7.14-7.el7_1.1.s390x.rpm subversion-1.7.14-7.el7_1.1.s390x.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm subversion-libs-1.7.14-7.el7_1.1.s390.rpm subversion-libs-1.7.14-7.el7_1.1.s390x.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: subversion-1.7.14-7.ael7b_1.1.src.rpm
ppc64le: mod_dav_svn-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-libs-1.7.14-7.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: subversion-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm subversion-devel-1.7.14-7.el7_1.1.ppc.rpm subversion-devel-1.7.14-7.el7_1.1.ppc64.rpm subversion-gnome-1.7.14-7.el7_1.1.ppc.rpm subversion-gnome-1.7.14-7.el7_1.1.ppc64.rpm subversion-javahl-1.7.14-7.el7_1.1.ppc.rpm subversion-javahl-1.7.14-7.el7_1.1.ppc64.rpm subversion-kde-1.7.14-7.el7_1.1.ppc.rpm subversion-kde-1.7.14-7.el7_1.1.ppc64.rpm subversion-perl-1.7.14-7.el7_1.1.ppc.rpm subversion-perl-1.7.14-7.el7_1.1.ppc64.rpm subversion-python-1.7.14-7.el7_1.1.ppc64.rpm subversion-ruby-1.7.14-7.el7_1.1.ppc.rpm subversion-ruby-1.7.14-7.el7_1.1.ppc64.rpm subversion-tools-1.7.14-7.el7_1.1.ppc64.rpm
s390x: subversion-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm subversion-devel-1.7.14-7.el7_1.1.s390.rpm subversion-devel-1.7.14-7.el7_1.1.s390x.rpm subversion-gnome-1.7.14-7.el7_1.1.s390.rpm subversion-gnome-1.7.14-7.el7_1.1.s390x.rpm subversion-javahl-1.7.14-7.el7_1.1.s390.rpm subversion-javahl-1.7.14-7.el7_1.1.s390x.rpm subversion-kde-1.7.14-7.el7_1.1.s390.rpm subversion-kde-1.7.14-7.el7_1.1.s390x.rpm subversion-perl-1.7.14-7.el7_1.1.s390.rpm subversion-perl-1.7.14-7.el7_1.1.s390x.rpm subversion-python-1.7.14-7.el7_1.1.s390x.rpm subversion-ruby-1.7.14-7.el7_1.1.s390.rpm subversion-ruby-1.7.14-7.el7_1.1.s390x.rpm subversion-tools-1.7.14-7.el7_1.1.s390x.rpm
x86_64: subversion-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le: subversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-devel-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-gnome-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-javahl-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-kde-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-perl-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-python-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-ruby-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-tools-1.7.14-7.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: subversion-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-0248 https://access.redhat.com/security/cve/CVE-2015-0251 https://access.redhat.com/security/cve/CVE-2015-3184 https://access.redhat.com/security/cve/CVE-2015-3187 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2015-0248-advisory.txt https://subversion.apache.org/security/CVE-2015-3184-advisory.txt https://subversion.apache.org/security/CVE-2015-0251-advisory.txt https://subversion.apache.org/security/CVE-2015-3187-advisory.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFV7t6+XlSAg2UNWIIRAivqAKCtV0lnW3RGFsCNsKIU9lBHeBk4UQCdE8/b KVJwbobNcmPzKule+9U7RnM= =F2J4 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0064",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.23"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.21"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.20"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.4"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7.z"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.6.0 to 1.7.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.0 to 1.8.11"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.0 (os x yosemite v10.10.4 or later )"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "15.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.4.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.5"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.22"
},
{
"model": "xcode",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.8.13"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.20"
}
],
"sources": [
{
"db": "BID",
"id": "74260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JPCERT/CC notified CISA of these vulnerabilities.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
}
],
"trust": 0.6
},
"cve": "CVE-2015-0248",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-0248",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-78194",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0248",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-099",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78194",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0248",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78194"
},
{
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. Apache Subversion is prone to multiple denial-of-service vulnerabilities. \nAn attacker may exploit these issues to crash the affected application, resulting in a denial-of-service condition. The system is compatible with the Concurrent Versions System (CVS). A security vulnerability exists in the mod_dav_svn and svnserve servers of Subversion versions 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.6.17dfsg-4+deb7u9. \n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.8.10-6. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.10-6. ============================================================================\nUbuntu Security Notice USN-2721-1\nAugust 20, 2015\n\nsubversion vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly\nhandled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2014-3580)\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly\nhandled requests requiring a lookup for a virtual transaction name that\ndoes not exist. This issue only affected Ubuntu\n14.04 LTS. (CVE-2014-8108)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly\nhandled large numbers of REPORT requests. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve\nmodules incorrectly certain crafted parameter combinations. (CVE-2015-0248)\n\nIvan Zhakov discovered that the Subversion mod_dav_svn module incorrectly\nhandled crafted v1 HTTP protocol request sequences. (CVE-2015-0251)\n\nC. A remote attacker could use this\nissue to read hidden files via the path name. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)\n\nC. Michael Pilato discovered that Subversion incorrectly handled path-based\nauthorization. A remote attacker could use this issue to obtain sensitive\npath information. (CVE-2015-3187)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n libapache2-svn 1.8.10-5ubuntu1.1\n libsvn1 1.8.10-5ubuntu1.1\n subversion 1.8.10-5ubuntu1.1\n\nUbuntu 14.04 LTS:\n libapache2-svn 1.8.8-1ubuntu3.2\n libsvn1 1.8.8-1ubuntu3.2\n subversion 1.8.8-1ubuntu3.2\n\nUbuntu 12.04 LTS:\n libapache2-svn 1.6.17dfsg-3ubuntu3.5\n libsvn1 1.6.17dfsg-3ubuntu3.5\n subversion 1.6.17dfsg-3ubuntu3.5\n\nIn general, a standard system update will make all the necessary changes. \n \n The updated packages have been upgraded to the 1.7.20 and 1.8.13\n versions where these security flaws has been fixed. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201610-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Subversion, Serf: Multiple Vulnerabilities\n Date: October 11, 2016\n Bugs: #500482, #518716, #519202, #545348, #556076, #567810,\n #581448, #586046\n ID: 201610-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Subversion and Serf, the\nworst of which could lead to execution of arbitrary code. \n\nBackground\n==========\n\nSubversion is a version control system intended to eventually replace\nCVS. Like CVS, it has an optional client-server architecture (where the\nserver can be an Apache server running mod_svn, or an ssh program as in\nCVS\u0027s :ext: method). In addition to supporting the features found in\nCVS, Subversion also provides support for moving and copying files and\ndirectories. \n\nThe serf library is a high performance C-based HTTP client library\nbuilt upon the Apache Portable Runtime (APR) library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-vcs/subversion \u003c 1.9.4 \u003e= 1.9.4\n *\u003e 1.8.16\n 2 net-libs/serf \u003c 1.3.7 \u003e= 1.3.7\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Subversion and Serf. \nPlease review the CVE identifiers referenced below for details\n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, conduct a man-in-the-middle attack, obtain\nsensitive information, or cause a Denial of Service Condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Subversion users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/subversion-1.9.4\"\n\nAll Serf users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/serf-1.3.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0032\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032\n[ 2 ] CVE-2014-3504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504\n[ 3 ] CVE-2014-3522\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522\n[ 4 ] CVE-2014-3528\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528\n[ 5 ] CVE-2015-0202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202\n[ 6 ] CVE-2015-0248\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248\n[ 7 ] CVE-2015-0251\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251\n[ 8 ] CVE-2015-3184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184\n[ 9 ] CVE-2015-3187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187\n[ 10 ] CVE-2015-5259\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259\n[ 11 ] CVE-2016-2167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167\n[ 12 ] CVE-2016-2168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201610-05\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-2 Xcode 7.0\n\nXcode 7.0 is now available and addresses the following:\n\nDevTools\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: An attacker may be able to bypass access restrictions\nDescription: An API issue existed in the apache configuration. \nCVE-ID\nCVE-2015-3185 : Branko Aibej of the Apache Software Foundation\n\nIDE Xcode Server\nAvailable for: OS X Yosemite 10.10 or later\nImpact: An attacker may be able to access restricted parts of the\nfilesystem\nDescription: A comparison issue existed in the node.js send module\nprior to version 0.8.4. This issue was addressed by upgrading to\nversion 0.12.3. \nCVE-ID\nCVE-2014-6394 : Ilya Kantor\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilties in OpenSSL\nDescription: Multiple vulnerabilties existed in the node.js OpenSSL\nmodule prior to version 1.0.1j. These issues were addressed by\nupdating openssl to version 1.0.1j. \nCVE-ID\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: An attacker with a privileged network position may be able\nto inspect traffic to Xcode Server\nDescription: Connections to Xcode Server may have been made without\nencryption. This issue was addressed through improved network\nconnection logic. \nCVE-ID\nCVE-2015-5910 : an anonymous researcher\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Build notifications may be sent to unintended recipients\nDescription: An access issue existed in the handling of repository\nemail lists. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of\nAnchorfree\n\nsubversion\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilities existed in svn versions prior to\n1.7.19\nDescription: Multiple vulnerabilities existed in svn versions prior\nto 1.7.19. These issues were addressed by updating svn to version\n1.7.20. \nCVE-ID\nCVE-2015-0248\nCVE-2015-0251\n\n\nXcode 7.0 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.0\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJV+axlAAoJEBcWfLTuOo7tzuMQAJhCQaeClT0rDozh+WlKgM6f\nX86xFeXLJ1gjlPKH183Bvm2gTW0m5kQuoNK1grarMB+rEeb8mPsOczwrIJisxVlr\n5zkW/7JktHcsBU5vUa4j4T/CEJjp92VPZ4ub3k3eQOrhinn4E86uKcMxrYoQOAE0\nYFMSDaPBFy+LIJ08ROB/AH8fkGJMLRCRAp43IGgzNuxCDx9jzW97m1dh86mR1CxP\nGdhWRvN7T5YqXyJTw6pZbEHtVXjty8appe2ScvHByCRxa4gZq+/JinHInLjaB4p7\n3o58rAWh7lDhcEi3HqkIu0YW6fLslPydCHTI4cH1PCHTuevNjjvK34IqMbD0jG/t\ntO+vQFhwXpD5chsSB2oP2zLOWAJ7BA5uwvArkJhGKKzQ5DEI0soLBWG7Koe3RitO\nHokIMyx0r+sf4YD+OP4RVPU9bU4FpayXZnECmHzWmK2vguihbIzjxq+Knvx7aiF9\njs1Qn0DxT2puVYdhixtkvYKT7r8XRjI8MPLEwS+tX1Yg1Lqhz2G1MR6mO9iBW56L\ng5deOuCVc56qeaobuUK0clvdFYtyd5jIXgh0zspZ4ssCbbdCOTZUQaG1mBGkIf3R\nJgWTX8ny1Fdk9om3dmZVWUCzzqxJR/tm5M7kjGc425ZGaoBRWLga1VIjNz7MEfKS\nYMBNmqt6weEewNqyDMnX\n=SGgX\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: subversion security update\nAdvisory ID: RHSA-2015:1742-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1742.html\nIssue date: 2015-09-08\nCVE Names: CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 \n CVE-2015-3187 \n=====================================================================\n\n1. Summary:\n\nUpdated subversion packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. The\nmod_dav_svn module is used with the Apache HTTP Server to allow access\nto Subversion repositories via HTTP. A remote\nattacker could use this flaw to cause the SVN server (both svnserve and\nhttpd with the mod_dav_svn module) to crash. (CVE-2015-0248)\n\nIt was found that the mod_authz_svn module did not properly restrict\nanonymous access to Subversion repositories under certain configurations\nwhen used with Apache httpd 2.4.x. This could allow a user to anonymously\naccess files in a Subversion repository, which should only be accessible to\nauthenticated users. (CVE-2015-3184)\n\nIt was found that the mod_dav_svn module did not properly validate the\nsvn:author property of certain requests. An attacker able to create new\nrevisions could use this flaw to spoof the svn:author property. \n(CVE-2015-0251)\n\nIt was found that when an SVN server (both svnserve and httpd with the\nmod_dav_svn module) searched the history of a file or a directory, it would\ndisclose its location in the repository if that file or directory was not\nreadable (for example, if it had been moved). (CVE-2015-3187)\n\nRed Hat would like to thank the Apache Software Foundation for reporting\nthese issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the\noriginal reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael\nPilato of CollabNet as the original reporter of CVE-2015-3184 and\nCVE-2015-3187 flaws. \n\nAll subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, for the update to take effect, you must restart the httpd\ndaemon, if you are using mod_dav_svn, and the svnserve daemon, if you are\nserving Subversion repositories via the svn:// protocol. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nppc64:\nmod_dav_svn-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-libs-1.7.14-7.el7_1.1.ppc64.rpm\n\ns390x:\nmod_dav_svn-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-libs-1.7.14-7.el7_1.1.s390.rpm\nsubversion-libs-1.7.14-7.el7_1.1.s390x.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsubversion-1.7.14-7.ael7b_1.1.src.rpm\n\nppc64le:\nmod_dav_svn-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-libs-1.7.14-7.ael7b_1.1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nsubversion-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-devel-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-kde-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-perl-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-python-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.ppc64.rpm\n\ns390x:\nsubversion-1.7.14-7.el7_1.1.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-devel-1.7.14-7.el7_1.1.s390.rpm\nsubversion-devel-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.s390.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.s390.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-kde-1.7.14-7.el7_1.1.s390.rpm\nsubversion-kde-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-perl-1.7.14-7.el7_1.1.s390.rpm\nsubversion-perl-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-python-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.s390.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-tools-1.7.14-7.el7_1.1.s390x.rpm\n\nx86_64:\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nsubversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-devel-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-gnome-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-javahl-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-kde-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-perl-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-python-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-ruby-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-tools-1.7.14-7.ael7b_1.1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0248\nhttps://access.redhat.com/security/cve/CVE-2015-0251\nhttps://access.redhat.com/security/cve/CVE-2015-3184\nhttps://access.redhat.com/security/cve/CVE-2015-3187\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://subversion.apache.org/security/CVE-2015-0248-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-3184-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-0251-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-3187-advisory.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFV7t6+XlSAg2UNWIIRAivqAKCtV0lnW3RGFsCNsKIU9lBHeBk4UQCdE8/b\nKVJwbobNcmPzKule+9U7RnM=\n=F2J4\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "BID",
"id": "74260"
},
{
"db": "VULHUB",
"id": "VHN-78194"
},
{
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"db": "PACKETSTORM",
"id": "131562"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "131276"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133617"
},
{
"db": "PACKETSTORM",
"id": "133473"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0248",
"trust": 3.5
},
{
"db": "BID",
"id": "74260",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1033214",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU99970459",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-123-01",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050403",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "133473",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "131562",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "133096",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-78194",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-0248",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133236",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131276",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139060",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133617",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78194"
},
{
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"db": "BID",
"id": "74260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "PACKETSTORM",
"id": "131562"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "131276"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133617"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"id": "VAR-201504-0064",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78194"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:54:43.473000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-09-16-2 Xcode 7.0",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
},
{
"title": "HT205217",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht205217"
},
{
"title": "HT205217",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht205217"
},
{
"title": "Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"title": "RHSA-2015:1633",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1633.html"
},
{
"title": "CVE-2015-0248-advisory",
"trust": 0.8,
"url": "http://subversion.apache.org/security/cve-2015-0248-advisory.txt"
},
{
"title": "subversion-1.7.20",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54876"
},
{
"title": "subversion-1.8.13",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54880"
},
{
"title": "subversion-1.8.13",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54879"
},
{
"title": "subversion-1.7.20",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54878"
},
{
"title": "subversion-1.7.20",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54877"
},
{
"title": "subversion-1.8.13",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54881"
},
{
"title": "Debian Security Advisories: DSA-3231-1 subversion -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9dd5c0c7b53a0f19f49a9b42677637fd"
},
{
"title": "Red Hat: CVE-2015-0248",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-0248"
},
{
"title": "Amazon Linux AMI: ALAS-2015-587",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-587"
},
{
"title": "Apple: Xcode 7.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=768a45894d5a25fbf47fbec8f017a52b"
},
{
"title": "Ubuntu Security Notice: subversion vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2721-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=92308e3c4d305e91c2eba8c9c6835e83"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78194"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://subversion.apache.org/security/cve-2015-0248-advisory.txt"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1742.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/74260"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"trust": 1.3,
"url": "http://www.ubuntu.com/usn/usn-2721-1"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"trust": 1.2,
"url": "https://support.apple.com/ht205217"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2015/dsa-3231"
},
{
"trust": 1.2,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:192"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1633.html"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1033214"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0248"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99970459/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0248"
},
{
"trust": 0.8,
"url": "http://www.mandriva.com/en/support/security/advisories/advisory/mdvsa-2015:192/?name=mdvsa-2015:192"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050403"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-123-01"
},
{
"trust": 0.3,
"url": "http://subversion.apache.org/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3184"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3187"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0202"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0248"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "http://subversion.apache.org/security/cve-2015-0251-advisory.txt"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/399.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-3231"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2721-1/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3580"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.10-5ubuntu1.1"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://subversion.apache.org/security/cve-2015-0202-advisory.txt"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0202"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0251"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5259"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3504"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2167"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0248"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3522"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5259"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0251"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3522"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3528"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5910"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6394"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5909"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://subversion.apache.org/security/cve-2015-3187-advisory.txt"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://subversion.apache.org/security/cve-2015-3184-advisory.txt"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78194"
},
{
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"db": "BID",
"id": "74260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "PACKETSTORM",
"id": "131562"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "131276"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133617"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78194"
},
{
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"db": "BID",
"id": "74260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "PACKETSTORM",
"id": "131562"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "131276"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133617"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-08T00:00:00",
"db": "VULHUB",
"id": "VHN-78194"
},
{
"date": "2015-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"date": "2015-04-13T00:00:00",
"db": "BID",
"id": "74260"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"date": "2015-04-22T00:38:50",
"db": "PACKETSTORM",
"id": "131562"
},
{
"date": "2015-08-21T16:59:18",
"db": "PACKETSTORM",
"id": "133236"
},
{
"date": "2015-04-03T15:47:42",
"db": "PACKETSTORM",
"id": "131276"
},
{
"date": "2016-10-12T04:50:20",
"db": "PACKETSTORM",
"id": "139060"
},
{
"date": "2015-09-19T15:31:48",
"db": "PACKETSTORM",
"id": "133617"
},
{
"date": "2015-09-08T15:47:21",
"db": "PACKETSTORM",
"id": "133473"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"date": "2015-04-08T18:59:01.827000",
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-78194"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"date": "2016-10-26T01:16:00",
"db": "BID",
"id": "74260"
},
{
"date": "2015-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"date": "2018-10-30T16:27:35.843000",
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Subversion of mod_dav_svn and svnserve Service disruption at the server (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
}
],
"trust": 0.6
}
}
VAR-201408-0079
Vulnerability from variot - Updated: 2024-07-23 19:42Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Apache Subversion is prone to an insecure authentication weakness. This may aid in further attacks. The system is compatible with the Concurrent Versions System (CVS). ============================================================================ Ubuntu Security Notice USN-2316-1 August 14, 2014
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description: - subversion: Advanced version control system
Details:
Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-0032)
Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3522)
Bert Huijben discovered that Subversion did not properly handle cached credentials. (CVE-2014-3528)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libsvn1 1.8.8-1ubuntu3.1 subversion 1.8.8-1ubuntu3.1
Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.4 libsvn1 1.6.17dfsg-3ubuntu3.4 subversion 1.6.17dfsg-3ubuntu3.4
In general, a standard system update will make all the necessary changes.
Gentoo Linux Security Advisory GLSA 201610-05
https://security.gentoo.org/
Severity: Normal Title: Subversion, Serf: Multiple Vulnerabilities Date: October 11, 2016 Bugs: #500482, #518716, #519202, #545348, #556076, #567810, #581448, #586046 ID: 201610-05
Synopsis
Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code.
Background
Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS's :ext: method). In addition to supporting the features found in CVS, Subversion also provides support for moving and copying files and directories.
The serf library is a high performance C-based HTTP client library built upon the Apache Portable Runtime (APR) library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/subversion < 1.9.4 >= 1.9.4 *> 1.8.16 2 net-libs/serf < 1.3.7 >= 1.3.7 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition.
Workaround
There is no known workaround at this time.
Resolution
All Subversion users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4"
All Serf users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7"
References
[ 1 ] CVE-2014-0032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032 [ 2 ] CVE-2014-3504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504 [ 3 ] CVE-2014-3522 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522 [ 4 ] CVE-2014-3528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528 [ 5 ] CVE-2015-0202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202 [ 6 ] CVE-2015-0248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248 [ 7 ] CVE-2015-0251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251 [ 8 ] CVE-2015-3184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184 [ 9 ] CVE-2015-3187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187 [ 10 ] CVE-2015-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259 [ 11 ] CVE-2016-2167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167 [ 12 ] CVE-2016-2168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-05
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. 6) - i386, noarch, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:0166-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0166.html Issue date: 2015-02-10 CVE Names: CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 =====================================================================
- Summary:
Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-3528)
Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter.
All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision 1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests 1174057 - CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
ppc64: mod_dav_svn-1.7.14-7.el7_0.ppc64.rpm subversion-1.7.14-7.el7_0.ppc64.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-libs-1.7.14-7.el7_0.ppc.rpm subversion-libs-1.7.14-7.el7_0.ppc64.rpm
s390x: mod_dav_svn-1.7.14-7.el7_0.s390x.rpm subversion-1.7.14-7.el7_0.s390x.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-libs-1.7.14-7.el7_0.s390.rpm subversion-libs-1.7.14-7.el7_0.s390x.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: subversion-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-devel-1.7.14-7.el7_0.ppc.rpm subversion-devel-1.7.14-7.el7_0.ppc64.rpm subversion-gnome-1.7.14-7.el7_0.ppc.rpm subversion-gnome-1.7.14-7.el7_0.ppc64.rpm subversion-javahl-1.7.14-7.el7_0.ppc.rpm subversion-javahl-1.7.14-7.el7_0.ppc64.rpm subversion-kde-1.7.14-7.el7_0.ppc.rpm subversion-kde-1.7.14-7.el7_0.ppc64.rpm subversion-perl-1.7.14-7.el7_0.ppc.rpm subversion-perl-1.7.14-7.el7_0.ppc64.rpm subversion-python-1.7.14-7.el7_0.ppc64.rpm subversion-ruby-1.7.14-7.el7_0.ppc.rpm subversion-ruby-1.7.14-7.el7_0.ppc64.rpm subversion-tools-1.7.14-7.el7_0.ppc64.rpm
s390x: subversion-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-devel-1.7.14-7.el7_0.s390.rpm subversion-devel-1.7.14-7.el7_0.s390x.rpm subversion-gnome-1.7.14-7.el7_0.s390.rpm subversion-gnome-1.7.14-7.el7_0.s390x.rpm subversion-javahl-1.7.14-7.el7_0.s390.rpm subversion-javahl-1.7.14-7.el7_0.s390x.rpm subversion-kde-1.7.14-7.el7_0.s390.rpm subversion-kde-1.7.14-7.el7_0.s390x.rpm subversion-perl-1.7.14-7.el7_0.s390.rpm subversion-perl-1.7.14-7.el7_0.s390x.rpm subversion-python-1.7.14-7.el7_0.s390x.rpm subversion-ruby-1.7.14-7.el7_0.s390.rpm subversion-ruby-1.7.14-7.el7_0.s390x.rpm subversion-tools-1.7.14-7.el7_0.s390x.rpm
x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3528 https://access.redhat.com/security/cve/CVE-2014-3580 https://access.redhat.com/security/cve/CVE-2014-8108 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2014-3528-advisory.txt https://subversion.apache.org/security/CVE-2014-3580-advisory.txt https://subversion.apache.org/security/CVE-2014-8108-advisory.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFU2pCEXlSAg2UNWIIRAmlpAJ4o2MhM6glIBctGbU52rfN8EZXCDgCdEIll KM6EsnQkXd09uLTe1k+tQaU= =CuZg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These issues were addressed by updating Apache Subversion to version 1.7.19. CVE-ID CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108
Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .git folder Description: The checks involved in disallowed paths did not account for case insensitivity or unicode characters. This issue was addressed by adding additional checks. CVE-ID CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of Mercurial
Xcode 6.2 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "6.2". The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFUBaOGmqjQ0CJFipgRAk32AKDCwQsio9x3WrZnKNy1MOf5LDvJ3gCgtS3Q ct3IdlMq1mqCiZSzQ2T4hcg= =M9D+ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.12"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6.z"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.16"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.1"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.4"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.21"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.19"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.7"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.13"
},
{
"model": "xcode",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.23"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.20"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.17"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.8"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.9"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.3"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.0"
},
{
"model": "subversion",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.x"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x mavericks v10.9.4 or later )"
},
{
"model": "subversion",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "1.0.0 from 1.7.x"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "12.04 lts"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "14.04 lts"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "6.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.7.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.4.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.5"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7"
},
{
"model": "xcode",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
}
],
"sources": [
{
"db": "BID",
"id": "68995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bert Huijben",
"sources": [
{
"db": "BID",
"id": "68995"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
}
],
"trust": 0.9
},
"cve": "CVE-2014-3528",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-3528",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-71468",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3528",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-080",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71468",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-3528",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71468"
},
{
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Apache Subversion is prone to an insecure authentication weakness. This may aid in further attacks. The system is compatible with the Concurrent Versions System (CVS). ============================================================================\nUbuntu Security Notice USN-2316-1\nAugust 14, 2014\n\nsubversion vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nLieven Govaerts discovered that the Subversion mod_dav_svn module\nincorrectly handled certain request methods when SVNListParentPath was\nenabled. This issue only affected Ubuntu\n12.04 LTS. (CVE-2014-0032)\n\nBen Reser discovered that Subversion did not correctly validate SSL\ncertificates containing wildcards. A remote attacker could exploit this to\nperform a man in the middle attack to view sensitive information or alter\nencrypted communications. (CVE-2014-3522)\n\nBert Huijben discovered that Subversion did not properly handle cached\ncredentials. (CVE-2014-3528)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libsvn1 1.8.8-1ubuntu3.1\n subversion 1.8.8-1ubuntu3.1\n\nUbuntu 12.04 LTS:\n libapache2-svn 1.6.17dfsg-3ubuntu3.4\n libsvn1 1.6.17dfsg-3ubuntu3.4\n subversion 1.6.17dfsg-3ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201610-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Subversion, Serf: Multiple Vulnerabilities\n Date: October 11, 2016\n Bugs: #500482, #518716, #519202, #545348, #556076, #567810,\n #581448, #586046\n ID: 201610-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Subversion and Serf, the\nworst of which could lead to execution of arbitrary code. \n\nBackground\n==========\n\nSubversion is a version control system intended to eventually replace\nCVS. Like CVS, it has an optional client-server architecture (where the\nserver can be an Apache server running mod_svn, or an ssh program as in\nCVS\u0027s :ext: method). In addition to supporting the features found in\nCVS, Subversion also provides support for moving and copying files and\ndirectories. \n\nThe serf library is a high performance C-based HTTP client library\nbuilt upon the Apache Portable Runtime (APR) library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-vcs/subversion \u003c 1.9.4 \u003e= 1.9.4\n *\u003e 1.8.16\n 2 net-libs/serf \u003c 1.3.7 \u003e= 1.3.7\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Subversion and Serf. \nPlease review the CVE identifiers referenced below for details\n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, conduct a man-in-the-middle attack, obtain\nsensitive information, or cause a Denial of Service Condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Subversion users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/subversion-1.9.4\"\n\nAll Serf users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/serf-1.3.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0032\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032\n[ 2 ] CVE-2014-3504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504\n[ 3 ] CVE-2014-3522\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522\n[ 4 ] CVE-2014-3528\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528\n[ 5 ] CVE-2015-0202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202\n[ 6 ] CVE-2015-0248\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248\n[ 7 ] CVE-2015-0251\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251\n[ 8 ] CVE-2015-3184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184\n[ 9 ] CVE-2015-3187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187\n[ 10 ] CVE-2015-5259\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259\n[ 11 ] CVE-2016-2167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167\n[ 12 ] CVE-2016-2168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201610-05\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. 6) - i386, noarch, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: subversion security update\nAdvisory ID: RHSA-2015:0166-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0166.html\nIssue date: 2015-02-10\nCVE Names: CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 \n=====================================================================\n\n1. Summary:\n\nUpdated subversion packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. The\nmod_dav_svn module is used with the Apache HTTP Server to allow access\nto Subversion repositories via HTTP. \n\nA NULL pointer dereference flaw was found in the way the mod_dav_svn module\nhandled REPORT requests. A remote, unauthenticated attacker could use a\nspecially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)\n\nA NULL pointer dereference flaw was found in the way the mod_dav_svn module\nhandled certain requests for URIs that trigger a lookup of a virtual\ntransaction name. A remote, unauthenticated attacker could send a request\nfor a virtual transaction name that does not exist, causing mod_dav_svn to\ncrash. (CVE-2014-3528)\n\nRed Hat would like to thank the Subversion project for reporting\nCVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of\nVisualSVN as the original reporter. \n\nAll subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, for the update to take effect, you must restart the httpd\ndaemon, if you are using mod_dav_svn, and the svnserve daemon, if you are\nserving Subversion repositories via the svn:// protocol. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision\n1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests\n1174057 - CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nppc64:\nmod_dav_svn-1.7.14-7.el7_0.ppc64.rpm\nsubversion-1.7.14-7.el7_0.ppc64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm\nsubversion-libs-1.7.14-7.el7_0.ppc.rpm\nsubversion-libs-1.7.14-7.el7_0.ppc64.rpm\n\ns390x:\nmod_dav_svn-1.7.14-7.el7_0.s390x.rpm\nsubversion-1.7.14-7.el7_0.s390x.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390x.rpm\nsubversion-libs-1.7.14-7.el7_0.s390.rpm\nsubversion-libs-1.7.14-7.el7_0.s390x.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nsubversion-1.7.14-7.el7_0.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm\nsubversion-devel-1.7.14-7.el7_0.ppc.rpm\nsubversion-devel-1.7.14-7.el7_0.ppc64.rpm\nsubversion-gnome-1.7.14-7.el7_0.ppc.rpm\nsubversion-gnome-1.7.14-7.el7_0.ppc64.rpm\nsubversion-javahl-1.7.14-7.el7_0.ppc.rpm\nsubversion-javahl-1.7.14-7.el7_0.ppc64.rpm\nsubversion-kde-1.7.14-7.el7_0.ppc.rpm\nsubversion-kde-1.7.14-7.el7_0.ppc64.rpm\nsubversion-perl-1.7.14-7.el7_0.ppc.rpm\nsubversion-perl-1.7.14-7.el7_0.ppc64.rpm\nsubversion-python-1.7.14-7.el7_0.ppc64.rpm\nsubversion-ruby-1.7.14-7.el7_0.ppc.rpm\nsubversion-ruby-1.7.14-7.el7_0.ppc64.rpm\nsubversion-tools-1.7.14-7.el7_0.ppc64.rpm\n\ns390x:\nsubversion-1.7.14-7.el7_0.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390x.rpm\nsubversion-devel-1.7.14-7.el7_0.s390.rpm\nsubversion-devel-1.7.14-7.el7_0.s390x.rpm\nsubversion-gnome-1.7.14-7.el7_0.s390.rpm\nsubversion-gnome-1.7.14-7.el7_0.s390x.rpm\nsubversion-javahl-1.7.14-7.el7_0.s390.rpm\nsubversion-javahl-1.7.14-7.el7_0.s390x.rpm\nsubversion-kde-1.7.14-7.el7_0.s390.rpm\nsubversion-kde-1.7.14-7.el7_0.s390x.rpm\nsubversion-perl-1.7.14-7.el7_0.s390.rpm\nsubversion-perl-1.7.14-7.el7_0.s390x.rpm\nsubversion-python-1.7.14-7.el7_0.s390x.rpm\nsubversion-ruby-1.7.14-7.el7_0.s390.rpm\nsubversion-ruby-1.7.14-7.el7_0.s390x.rpm\nsubversion-tools-1.7.14-7.el7_0.s390x.rpm\n\nx86_64:\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3528\nhttps://access.redhat.com/security/cve/CVE-2014-3580\nhttps://access.redhat.com/security/cve/CVE-2014-8108\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://subversion.apache.org/security/CVE-2014-3528-advisory.txt\nhttps://subversion.apache.org/security/CVE-2014-3580-advisory.txt\nhttps://subversion.apache.org/security/CVE-2014-8108-advisory.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFU2pCEXlSAg2UNWIIRAmlpAJ4o2MhM6glIBctGbU52rfN8EZXCDgCdEIll\nKM6EsnQkXd09uLTe1k+tQaU=\n=CuZg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThese issues were addressed by updating Apache Subversion to version\n1.7.19. \nCVE-ID\nCVE-2014-3522\nCVE-2014-3528\nCVE-2014-3580\nCVE-2014-8108\n\nGit\nAvailable for: OS X Mavericks v10.9.4 or later\nImpact: Synching with a malicious git repository may allow\nunexpected files to be added to the .git folder\nDescription: The checks involved in disallowed paths did not account\nfor case insensitivity or unicode characters. This issue was\naddressed by adding additional checks. \nCVE-ID\nCVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of\nMercurial\n\nXcode 6.2 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"6.2\". The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUBaOGmqjQ0CJFipgRAk32AKDCwQsio9x3WrZnKNy1MOf5LDvJ3gCgtS3Q\nct3IdlMq1mqCiZSzQ2T4hcg=\n=M9D+\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3528"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "BID",
"id": "68995"
},
{
"db": "VULHUB",
"id": "VHN-71468"
},
{
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "PACKETSTORM",
"id": "128073"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71468",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71468"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3528",
"trust": 3.5
},
{
"db": "BID",
"id": "68995",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "60722",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "59432",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "59584",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU90171154",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "130344",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128073",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130349",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-71468",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-3528",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127874",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139060",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130744",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71468"
},
{
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"db": "BID",
"id": "68995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "PACKETSTORM",
"id": "128073"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"id": "VAR-201408-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71468"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:42:10.939000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2014-3528-advisory",
"trust": 0.8,
"url": "http://subversion.apache.org/security/cve-2014-3528-advisory.txt"
},
{
"title": "APPLE-SA-2015-03-09-4 Xcode 6.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00003.html"
},
{
"title": "HT204427",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht204427"
},
{
"title": "HT204427",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht204427"
},
{
"title": "Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"title": "RHSA-2015:0165 ",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0165.html"
},
{
"title": "RHSA-2015:0166 ",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0166.html"
},
{
"title": "USN-2316-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/usn-2316-1"
},
{
"title": "Red Hat: Moderate: subversion security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150165 - security advisory"
},
{
"title": "Red Hat: Moderate: subversion security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150166 - security advisory"
},
{
"title": "Ubuntu Security Notice: subversion vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2316-1"
},
{
"title": "Apple: Xcode 6.2",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=28f88d65a83ee45368f37221b1b4ea8f"
},
{
"title": "Red Hat: CVE-2014-3528",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3528"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=92308e3c4d305e91c2eba8c9c6835e83"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://subversion.apache.org/security/cve-2014-3528-advisory.txt"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/68995"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2316-1"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/59432"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/60722"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0165.html"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0166.html"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00003.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"trust": 1.2,
"url": "https://support.apple.com/ht204427"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/59584"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3528"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90171154/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3528"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3528"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-3528"
},
{
"trust": 0.3,
"url": "http://subversion.apache.org/"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2014/q3/273"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht204427"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3522"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3580"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0032"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3580"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://subversion.apache.org/security/cve-2014-3580-advisory.txt"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8108"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2015:0165"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2316-1/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.4"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3504"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2167"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0248"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5259"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0251"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3522"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3528"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0032"
},
{
"trust": 0.1,
"url": "https://subversion.apache.org/security/cve-2014-8108-advisory.txt"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-8108"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9390"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0338.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71468"
},
{
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"db": "BID",
"id": "68995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "PACKETSTORM",
"id": "128073"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71468"
},
{
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"db": "BID",
"id": "68995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "PACKETSTORM",
"id": "128073"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-19T00:00:00",
"db": "VULHUB",
"id": "VHN-71468"
},
{
"date": "2014-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"date": "2014-08-01T00:00:00",
"db": "BID",
"id": "68995"
},
{
"date": "2014-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"date": "2014-08-14T22:50:50",
"db": "PACKETSTORM",
"id": "127874"
},
{
"date": "2016-10-12T04:50:20",
"db": "PACKETSTORM",
"id": "139060"
},
{
"date": "2015-02-11T01:52:08",
"db": "PACKETSTORM",
"id": "130349"
},
{
"date": "2015-02-11T01:49:16",
"db": "PACKETSTORM",
"id": "130344"
},
{
"date": "2015-03-10T16:22:37",
"db": "PACKETSTORM",
"id": "130744"
},
{
"date": "2014-09-02T20:16:50",
"db": "PACKETSTORM",
"id": "128073"
},
{
"date": "2014-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"date": "2014-08-19T18:55:02.687000",
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-71468"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"date": "2016-10-26T01:16:00",
"db": "BID",
"id": "68995"
},
{
"date": "2015-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"date": "2014-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"date": "2018-10-30T16:27:34.687000",
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion Vulnerabilities in which credentials are obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
}
],
"trust": 0.6
}
}
VAR-201106-0131
Vulnerability from variot - Updated: 2024-07-23 19:32The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. Apache Subversion is prone to multiple vulnerabilities, including two denial-of-service issues and an information-disclosure issue. Attackers can exploit these issues to crash the application, exhaust all memory resources, or obtain potentially sensitive information. Versions prior to Subversion 1.6.17 are vulnerable.
The mod_dav_svn Apache HTTPD server module may in certain cenarios enter a logic loop which does not exit and which allocates emory in each iteration, ultimately exhausting all the available emory on the server which can lead to a DoS (Denial Of Service) (CVE-2011-1783).
The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users (CVE-2011-1921).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been upgraded to the 1.6.17 version which is not vulnerable to these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1921 http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES
Updated Packages:
Mandriva Linux 2009.0: b7dcf908858e788c0321e13109163494 2009.0/i586/apache-mod_dav_svn-1.6.17-0.1mdv2009.0.i586.rpm c403bbd6aedcd9426dc5cf72ef56d1a9 2009.0/i586/apache-mod_dontdothat-1.6.17-0.1mdv2009.0.i586.rpm 2f3d2373aed96710023c6a84819731f6 2009.0/i586/libsvn0-1.6.17-0.1mdv2009.0.i586.rpm 2b4a273ce742b44b5a18bfaba5b9e6af 2009.0/i586/libsvnjavahl1-1.6.17-0.1mdv2009.0.i586.rpm e11fb3f919ab6358d3a3ac26d803715f 2009.0/i586/perl-SVN-1.6.17-0.1mdv2009.0.i586.rpm 745a88c6044f3cf2fda88bfc80500c1a 2009.0/i586/python-svn-1.6.17-0.1mdv2009.0.i586.rpm 7baab70f65cac6de36cede330f032cc5 2009.0/i586/ruby-svn-1.6.17-0.1mdv2009.0.i586.rpm c15bd5f296328d65f2612a61238b0f01 2009.0/i586/subversion-1.6.17-0.1mdv2009.0.i586.rpm b6c69f4a93490250bc4c1c29a51d0301 2009.0/i586/subversion-devel-1.6.17-0.1mdv2009.0.i586.rpm 6b780c034fcf7caa146ac495f74776fd 2009.0/i586/subversion-doc-1.6.17-0.1mdv2009.0.i586.rpm 51e8efe6c17057098eec1e9b0d9b305e 2009.0/i586/subversion-server-1.6.17-0.1mdv2009.0.i586.rpm f974ca62b90d4db1f3eeb0dc80a06787 2009.0/i586/subversion-tools-1.6.17-0.1mdv2009.0.i586.rpm 804da077e30821641755625cb9f6f545 2009.0/i586/svn-javahl-1.6.17-0.1mdv2009.0.i586.rpm 9ac126adb88c745c67e55630c98f1dff 2009.0/SRPMS/subversion-1.6.17-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: adf776406f42c9bb4c5928f8d16ad74f 2009.0/x86_64/apache-mod_dav_svn-1.6.17-0.1mdv2009.0.x86_64.rpm f35384b836889e04b9d732045deacccb 2009.0/x86_64/apache-mod_dontdothat-1.6.17-0.1mdv2009.0.x86_64.rpm cff7dcefaf6e8c3d0a7642a36661e803 2009.0/x86_64/lib64svn0-1.6.17-0.1mdv2009.0.x86_64.rpm 01019c76de0636f512bc1338a180ab1b 2009.0/x86_64/lib64svnjavahl1-1.6.17-0.1mdv2009.0.x86_64.rpm 74812d1b64db5301b1ed74db46dc08b6 2009.0/x86_64/perl-SVN-1.6.17-0.1mdv2009.0.x86_64.rpm 59e84aa6043fae46047327ac124771e9 2009.0/x86_64/python-svn-1.6.17-0.1mdv2009.0.x86_64.rpm 15fae543266ede69fa220419ca91bc8f 2009.0/x86_64/ruby-svn-1.6.17-0.1mdv2009.0.x86_64.rpm cd9be5e2b3ba9497e7f8e42a8d0181e0 2009.0/x86_64/subversion-1.6.17-0.1mdv2009.0.x86_64.rpm 8e14979cf0ac190035fcb0ae994fe4d8 2009.0/x86_64/subversion-devel-1.6.17-0.1mdv2009.0.x86_64.rpm 4c2e1922b12202697983b567638c9b92 2009.0/x86_64/subversion-doc-1.6.17-0.1mdv2009.0.x86_64.rpm a7e5997dc660568bafed59a7bab37578 2009.0/x86_64/subversion-server-1.6.17-0.1mdv2009.0.x86_64.rpm 936dc2d30cc5bb8f54b32d862af63f3d 2009.0/x86_64/subversion-tools-1.6.17-0.1mdv2009.0.x86_64.rpm e40d82e0b13a180d2a3c2ed2cd356e52 2009.0/x86_64/svn-javahl-1.6.17-0.1mdv2009.0.x86_64.rpm 9ac126adb88c745c67e55630c98f1dff 2009.0/SRPMS/subversion-1.6.17-0.1mdv2009.0.src.rpm
Mandriva Linux 2010.1: 809c8316c0cf26a1aa7a26260ebd556b 2010.1/i586/apache-mod_dav_svn-1.6.17-0.1mdv2010.2.i586.rpm 1c5aa3316d62eb40cbda3e91b5a0dead 2010.1/i586/apache-mod_dontdothat-1.6.17-0.1mdv2010.2.i586.rpm 680745e35e66433826514dc65f748597 2010.1/i586/libsvn0-1.6.17-0.1mdv2010.2.i586.rpm 2e523e3262c4fa0d918f6667c8c00bf1 2010.1/i586/libsvn-gnome-keyring0-1.6.17-0.1mdv2010.2.i586.rpm 5b8802e18a6e594676823ec01348143b 2010.1/i586/libsvnjavahl1-1.6.17-0.1mdv2010.2.i586.rpm 2d9d773efd8a108b59dd774d6030681e 2010.1/i586/libsvn-kwallet0-1.6.17-0.1mdv2010.2.i586.rpm 786cd1f13ee58d23e8246b37991f3a4c 2010.1/i586/perl-SVN-1.6.17-0.1mdv2010.2.i586.rpm f718ab77c2b5c77e2b49b38604f4663f 2010.1/i586/python-svn-1.6.17-0.1mdv2010.2.i586.rpm e006b5cef023e652caf2281a197e848a 2010.1/i586/ruby-svn-1.6.17-0.1mdv2010.2.i586.rpm a7f25d127ad47dde81e72f947a425311 2010.1/i586/subversion-1.6.17-0.1mdv2010.2.i586.rpm 2e8997143a4e9caccd531496b3d01acc 2010.1/i586/subversion-devel-1.6.17-0.1mdv2010.2.i586.rpm 1102fa83a4d71bb78410fcf52e240a6a 2010.1/i586/subversion-doc-1.6.17-0.1mdv2010.2.i586.rpm f7d57f0fb38326ef4a94f17ece68071e 2010.1/i586/subversion-server-1.6.17-0.1mdv2010.2.i586.rpm 371566535452839fd3f56d0fd1949083 2010.1/i586/subversion-tools-1.6.17-0.1mdv2010.2.i586.rpm 1625168460442b3044986aec02642ceb 2010.1/i586/svn-javahl-1.6.17-0.1mdv2010.2.i586.rpm 3186570aa3e04f22d98a28e75a394710 2010.1/SRPMS/subversion-1.6.17-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64: 5e499d3c40941455d1b37dbf5773991e 2010.1/x86_64/apache-mod_dav_svn-1.6.17-0.1mdv2010.2.x86_64.rpm 0aa267a7b319e2a30960ee2a5414d80e 2010.1/x86_64/apache-mod_dontdothat-1.6.17-0.1mdv2010.2.x86_64.rpm 35cdd975fcec1b990d51bdb9f1714bf4 2010.1/x86_64/lib64svn0-1.6.17-0.1mdv2010.2.x86_64.rpm 4278a8f843fb04cd2850eaa64cb0f568 2010.1/x86_64/lib64svn-gnome-keyring0-1.6.17-0.1mdv2010.2.x86_64.rpm d2c973cce463ac11b543c93e70c8aed9 2010.1/x86_64/lib64svnjavahl1-1.6.17-0.1mdv2010.2.x86_64.rpm 80302dffc3708392c44c71e8beb5318c 2010.1/x86_64/lib64svn-kwallet0-1.6.17-0.1mdv2010.2.x86_64.rpm 326ef2d296d29e081afb3191af5212ef 2010.1/x86_64/perl-SVN-1.6.17-0.1mdv2010.2.x86_64.rpm 3ebaa0c7e51c6607cbb15d032793126c 2010.1/x86_64/python-svn-1.6.17-0.1mdv2010.2.x86_64.rpm 7fac98a4b1457fdd628c0f9ac342497a 2010.1/x86_64/ruby-svn-1.6.17-0.1mdv2010.2.x86_64.rpm 5291fcc25554166520cab2642fbdf166 2010.1/x86_64/subversion-1.6.17-0.1mdv2010.2.x86_64.rpm 8b18da0f0e6e8a39f56774395c73eb21 2010.1/x86_64/subversion-devel-1.6.17-0.1mdv2010.2.x86_64.rpm 5e645e03996129bb649ca39a24a09496 2010.1/x86_64/subversion-doc-1.6.17-0.1mdv2010.2.x86_64.rpm ceb52200e4ebfeadec2d48c2c7b5fd4d 2010.1/x86_64/subversion-server-1.6.17-0.1mdv2010.2.x86_64.rpm 95aff7b1b38a5a26a58b44e3984d3d89 2010.1/x86_64/subversion-tools-1.6.17-0.1mdv2010.2.x86_64.rpm 968576b20dd363a6899c4c7eefe8b614 2010.1/x86_64/svn-javahl-1.6.17-0.1mdv2010.2.x86_64.rpm 3186570aa3e04f22d98a28e75a394710 2010.1/SRPMS/subversion-1.6.17-0.1mdv2010.2.src.rpm
Corporate 4.0: b424fc4dea5b090cc831a9b26996bb72 corporate/4.0/i586/apache-mod_dav_svn-1.6.17-0.1.20060mlcs4.i586.rpm 66fd3f68ab4e67043c7bb06bf0f5aaeb corporate/4.0/i586/apache-mod_dontdothat-1.6.17-0.1.20060mlcs4.i586.rpm cc441dda9a371692b8412af0c0b994b8 corporate/4.0/i586/libsvn0-1.6.17-0.1.20060mlcs4.i586.rpm f6005206e732c2f8484e6d49e4b26145 corporate/4.0/i586/perl-SVN-1.6.17-0.1.20060mlcs4.i586.rpm ed2db70bc8a07fe65980e4ca57abb682 corporate/4.0/i586/python-svn-1.6.17-0.1.20060mlcs4.i586.rpm ea7940a13e22f15181076d9fda196b3c corporate/4.0/i586/subversion-1.6.17-0.1.20060mlcs4.i586.rpm 93a99bf395142992eb853fde5ea11df0 corporate/4.0/i586/subversion-devel-1.6.17-0.1.20060mlcs4.i586.rpm 9498abb347b8bda55c0d16eb24b632d8 corporate/4.0/i586/subversion-doc-1.6.17-0.1.20060mlcs4.i586.rpm 0417594b6d75639b515d6154494bd982 corporate/4.0/i586/subversion-server-1.6.17-0.1.20060mlcs4.i586.rpm 9e8f089fbf491f5461b4cd3adf352105 corporate/4.0/i586/subversion-tools-1.6.17-0.1.20060mlcs4.i586.rpm 229c77a2d2172dbb17cc496d169e8dec corporate/4.0/SRPMS/subversion-1.6.17-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64: e992b482857ea06a007d88357fb5000b corporate/4.0/x86_64/apache-mod_dav_svn-1.6.17-0.1.20060mlcs4.x86_64.rpm 60c10a01326c435570ff1c009de7e545 corporate/4.0/x86_64/apache-mod_dontdothat-1.6.17-0.1.20060mlcs4.x86_64.rpm 3c9826dc51d1a6b6289a8c123edb4803 corporate/4.0/x86_64/lib64svn0-1.6.17-0.1.20060mlcs4.x86_64.rpm 061c8703b664f7243d57c36f560c037c corporate/4.0/x86_64/perl-SVN-1.6.17-0.1.20060mlcs4.x86_64.rpm ba61070e3084b50f3d3196911ee9004b corporate/4.0/x86_64/python-svn-1.6.17-0.1.20060mlcs4.x86_64.rpm e87e651ac237c9425e1a2650f9761fe9 corporate/4.0/x86_64/subversion-1.6.17-0.1.20060mlcs4.x86_64.rpm feb1ad3849b68b49b38e124db0b0d633 corporate/4.0/x86_64/subversion-devel-1.6.17-0.1.20060mlcs4.x86_64.rpm a0ed185c8c0aa4e4b0186f8aa08dc6b4 corporate/4.0/x86_64/subversion-doc-1.6.17-0.1.20060mlcs4.x86_64.rpm 0d9bdee90a50428480922d2e882f6fe3 corporate/4.0/x86_64/subversion-server-1.6.17-0.1.20060mlcs4.x86_64.rpm e5afc579bb3fbc44509241e010549e53 corporate/4.0/x86_64/subversion-tools-1.6.17-0.1.20060mlcs4.x86_64.rpm 229c77a2d2172dbb17cc496d169e8dec corporate/4.0/SRPMS/subversion-1.6.17-0.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5: d8165cb83dada65ebc80808c55c99f5d mes5/i586/apache-mod_dav_svn-1.6.17-0.1mdvmes5.2.i586.rpm 5e653275497d01bab284741d509fcc20 mes5/i586/apache-mod_dontdothat-1.6.17-0.1mdvmes5.2.i586.rpm 93ce20f3fc00bf2b0d2136b7c35538ed mes5/i586/libsvn0-1.6.17-0.1mdvmes5.2.i586.rpm c8602d9ca59963d8f288d7c1ea718cb3 mes5/i586/libsvnjavahl1-1.6.17-0.1mdvmes5.2.i586.rpm f148fab1eedbcf9a9f19d3e60c6cfadf mes5/i586/perl-SVN-1.6.17-0.1mdvmes5.2.i586.rpm d631ac32c1563680d7c5cc9bcbfcfb6b mes5/i586/python-svn-1.6.17-0.1mdvmes5.2.i586.rpm 06f830bce3b8e01f2fd40b5c637ab986 mes5/i586/ruby-svn-1.6.17-0.1mdvmes5.2.i586.rpm 357ceb371acfcd3eb9cd88caa107a53b mes5/i586/subversion-1.6.17-0.1mdvmes5.2.i586.rpm b3aa7097cb52e07a775653d822aa7dba mes5/i586/subversion-devel-1.6.17-0.1mdvmes5.2.i586.rpm 798e56237c5ea86ad3f78dc28efe5872 mes5/i586/subversion-doc-1.6.17-0.1mdvmes5.2.i586.rpm 973d3c726f9d0c502acfeacad69ac614 mes5/i586/subversion-server-1.6.17-0.1mdvmes5.2.i586.rpm 46f2b4d4539d7da8848a182a9b28afbd mes5/i586/subversion-tools-1.6.17-0.1mdvmes5.2.i586.rpm 56254352fdc6c10f56e03b8a50089105 mes5/i586/svn-javahl-1.6.17-0.1mdvmes5.2.i586.rpm c036e0758d2b25ecaf2b2773306dc9f1 mes5/SRPMS/subversion-1.6.17-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: e41d3cd15e340df2903d1ae5fcaa958e mes5/x86_64/apache-mod_dav_svn-1.6.17-0.1mdvmes5.2.x86_64.rpm d84d598685b49e33b29b99e73bd25e61 mes5/x86_64/apache-mod_dontdothat-1.6.17-0.1mdvmes5.2.x86_64.rpm 67cc1d9ac7ac69fa494bb3c0c3ab1b24 mes5/x86_64/lib64svn0-1.6.17-0.1mdvmes5.2.x86_64.rpm 0c93407253c6456cf47ac40fdf903ae0 mes5/x86_64/lib64svnjavahl1-1.6.17-0.1mdvmes5.2.x86_64.rpm 9662f86183093a782ff143ff1c3f61a8 mes5/x86_64/perl-SVN-1.6.17-0.1mdvmes5.2.x86_64.rpm 74879ef216a0286b463c8713e1045b43 mes5/x86_64/python-svn-1.6.17-0.1mdvmes5.2.x86_64.rpm 032060ecadfbfaff5c94a2df6b7b1157 mes5/x86_64/ruby-svn-1.6.17-0.1mdvmes5.2.x86_64.rpm 4ca2ddde563edde87e5864e419db655b mes5/x86_64/subversion-1.6.17-0.1mdvmes5.2.x86_64.rpm a7690a8ee3c367539958d740bd885252 mes5/x86_64/subversion-devel-1.6.17-0.1mdvmes5.2.x86_64.rpm 6b1d4297f49e1703a69e5c73ee380686 mes5/x86_64/subversion-doc-1.6.17-0.1mdvmes5.2.x86_64.rpm 316dc293f1c4871b9833ecffc7e809b0 mes5/x86_64/subversion-server-1.6.17-0.1mdvmes5.2.x86_64.rpm d644829032a7bf93945ef6376cf1ed9c mes5/x86_64/subversion-tools-1.6.17-0.1mdvmes5.2.x86_64.rpm b25e044ca25e3891dfd4699b94bc10e2 mes5/x86_64/svn-javahl-1.6.17-0.1mdvmes5.2.x86_64.rpm c036e0758d2b25ecaf2b2773306dc9f1 mes5/SRPMS/subversion-1.6.17-0.1mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFN6cg2mqjQ0CJFipgRAqj2AKCRyKt813e0OmWSTU5bL58KCmUwowCfT6RY DDOtowgSctAg4EX+tLXIvRQ= =zsmM -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001
OS X Lion v10.7.3 and Security Update 2012-001 is now available and addresses the following:
Address Book Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker in a privileged network position may intercept CardDAV data Description: Address Book supports Secure Sockets Layer (SSL) for accessing CardDAV. A downgrade issue caused Address Book to attempt an unencrypted connection if an encrypted connection failed. An attacker in a privileged network position could abuse this behavior to intercept CardDAV data. This issue is addressed by not downgrading to an unencrypted connection without user approval. CVE-ID CVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation
Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.21 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-3348
Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Apache disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by providing a configuration parameter to control the countermeasure and enabling it by default. CVE-ID CVE-2011-3389
CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send the request to an incorrect origin server. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook
CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3447 : Erling Ellingsen of Facebook
ColorSync Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative
CoreAudio Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of AAC encoded audio streams. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in CoreMedia's handling of H.264 encoded movie files. CVE-ID CVE-2011-3448 : Scott Stender of iSEC Partners
CoreText Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of font files. CVE-ID CVE-2011-3449 : Will Dormann of the CERT/CC
CoreUI Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of long URLs. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3450 : Ben Syverson
curl Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote server may be able to impersonate clients via GSSAPI requests Description: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This issue is addressed by disabling GSSAPI credential delegation. CVE-ID CVE-2011-2192
Data Security Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue.
dovecot Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Dovecot disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling the countermeasure. CVE-ID CVE-2011-3389 : Apple
filecmds Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Decompressing a maliciously crafted compressed file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the 'uncompress' command line tool. CVE-ID CVE-2011-2895
ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies
ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue is address by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167
ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328
Internet Sharing Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A Wi-Fi network created by Internet Sharing may lose security settings after a system update Description: After updating to a version of OS X Lion prior to 10.7.3, the Wi-Fi configuration used by Internet Sharing may revert to factory defaults, which disables the WEP password. This issue only affects systems with Internet Sharing enabled and sharing the connection to Wi-Fi. This issue is addressed by preserving the Wi-Fi configuration during a system update. CVE-ID CVE-2011-3452 : an anonymous researcher
Libinfo Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in Libinfo's handling of hostname lookup requests. Libinfo could return incorrect results for a maliciously crafted hostname. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3441 : Erling Ellingsen of Facebook
libresolv Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the parsing of DNS resource records, which may lead to heap memory corruption. CVE-ID CVE-2011-3453 : Ilja van Sprundel of IOActive
libsecurity Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Some EV certificates may be trusted even if the corresponding root has been marked as untrusted Description: The certificate code trusted a root certificate to sign EV certificates if it was on the list of known EV issuers, even if the user had marked it as 'Never Trust' in Keychain. The root would not be trusted to sign non-EV certificates. CVE-ID CVE-2011-3422 : Alastair Houghton
OpenGL Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in PHP 5.3.6 Description: PHP is updated to version 5.3.8 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2011-1148 CVE-2011-1657 CVE-2011-1938 CVE-2011-2202 CVE-2011-2483 CVE-2011-3182 CVE-2011-3189 CVE-2011-3267 CVE-2011-3268
PHP Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of MP4 encoded files. CVE-ID CVE-2011-3458 : Luigi Auriemma and pa_kt both working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of font tables embedded in QuickTime movie files. CVE-ID CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files. CVE-ID CVE-2011-3459 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 files. CVE-ID CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PNG files. CVE-ID CVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of FLC encoded movie files CVE-ID CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
SquirrelMail Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in SquirrelMail Description: SquirrelMail is updated to version 1.4.22 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. This issue does not affect OS X Lion systems. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/ CVE-ID CVE-2010-1637 CVE-2010-2813 CVE-2010-4554 CVE-2010-4555 CVE-2011-2023
Subversion Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Accessing a Subversion repository may lead to the disclosure of sensitive information Description: Subversion is updated to version 1.6.17 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Further information is available via the Subversion web site at http://subversion.tigris.org/ CVE-ID CVE-2011-1752 CVE-2011-1783 CVE-2011-1921
Time Machine Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote attacker may access new backups created by the user's system Description: The user may designate a remote AFP volume or Time Capsule to be used for Time Machine backups. Time Machine did not verify that the same device was being used for subsequent backup operations. An attacker who is able to spoof the remote volume could gain access to new backups created by the user's system. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. CVE-ID CVE-2011-3462 : Michael Roitzsch of the Technische Universitat Dresden
Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.32 Description: Tomcat is updated to version 6.0.33 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2011-2204
WebDAV Sharing Available for: OS X Lion Server v10.7 to v10.7.2 Impact: Local users may obtain system privileges Description: An issue existed in WebDAV Sharing's handling of user authentication. A user with a valid account on the server or one of its bound directories could cause the execution of arbitrary code with system privileges. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3463 : Gordon Davisson of Crywolf
Webmail Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted e-mail message may lead to the disclosure of message content Description: A cross-site scripting vulnerability existed in the handling of mail messages. This issue is addressed by updating Roundcube Webmail to version 0.6. This issue does not affect systems prior to OS X Lion. Further information is available via the Roundcube site at http://trac.roundcube.net/ CVE-ID CVE-2011-2937
X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple
OS X Lion v10.7.3 and Security Update 2012-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2021-001 or OS X v10.7.3.
For OS X Lion v10.7.2 The download file is named: MacOSXUpd10.7.3.dmg Its SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c
For OS X Lion v10.7 and v10.7.1 The download file is named: MacOSXUpdCombo10.7.3.dmg Its SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c
For OS X Lion Server v10.7.2 The download file is named: MacOSXServerUpd10.7.3.dmg Its SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d
For OS X Lion Server v10.7 and v10.7.1 The download file is named: MacOSXServerUpdCombo10.7.3.dmg Its SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b
For Mac OS X v10.6.8 The download file is named: SecUpd2012-001Snow.dmg Its SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8
For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-001.dmg Its SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V P6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp RrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy 9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf MnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E pvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo= =c1eU -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Apache Subversion mod_dav_svn Two Denial of Service Vulnerabilities
SECUNIA ADVISORY ID: SA44681
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44681/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44681
RELEASE DATE: 2011-06-02
DISCUSS ADVISORY: http://secunia.com/advisories/44681/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44681/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44681
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in Apache Subversion, which can be exploited by malicious people to cause a DoS (Denial of Service).
2) An error within the mod_dav_svn module when handling certain path-based access control rules can be exploited to trigger an infinite loop and exhaust memory.
NOTE: A weakness in the handling of path-based access control rules, which could result in certain unreadable files and directories becoming readable has also been reported.
PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor 2) The vendor credits Ivan Zhakov, VisualSVN.
ORIGINAL ADVISORY: http://subversion.apache.org/security/CVE-2011-1752-advisory.txt http://subversion.apache.org/security/CVE-2011-1783-advisory.txt http://subversion.apache.org/security/CVE-2011-1921-advisory.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-11
http://security.gentoo.org/
Severity: Low Title: Subversion: Multiple vulnerabilities Date: September 23, 2013 Bugs: #350166, #356741, #369065, #463728, #463860, #472202, #482166 ID: 201309-11
Synopsis
Multiple vulnerabilities have been found in Subversion, allowing attackers to cause a Denial of Service, escalate privileges, or obtain sensitive information.
Background
Subversion is a versioning system designed to be a replacement for CVS.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/subversion < 1.7.13 >= 1.7.13
Description
Multiple vulnerabilities have been discovered in Subversion. Please review the CVE identifiers referenced below for details. A local attacker could escalate his privileges to the user running svnserve.
Workaround
There is no known workaround at this time.
Resolution
All Subversion users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.7.13"
References
[ 1 ] CVE-2010-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4539 [ 2 ] CVE-2010-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4644 [ 3 ] CVE-2011-0715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0715 [ 4 ] CVE-2011-1752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1752 [ 5 ] CVE-2011-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1783 [ 6 ] CVE-2011-1921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1921 [ 7 ] CVE-2013-1845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1845 [ 8 ] CVE-2013-1846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1846 [ 9 ] CVE-2013-1847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1847 [ 10 ] CVE-2013-1849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1849 [ 11 ] CVE-2013-1884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1884 [ 12 ] CVE-2013-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1968 [ 13 ] CVE-2013-2088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2088 [ 14 ] CVE-2013-2112 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2112 [ 15 ] CVE-2013-4131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4131 [ 16 ] CVE-2013-4277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4277
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2011-1752
The mod_dav_svn Apache HTTPD server module can be crashed though
when asked to deliver baselined WebDAV resources.
For the oldstable distribution (lenny), this problem has been fixed in version 1.5.1dfsg1-7.
For the stable distribution (squeeze), this problem has been fixed in version 1.6.12dfsg-6.
For the unstable distribution (sid), this problem has been fixed in version 1.6.17dfsg-1.
We recommend that you upgrade your subversion packages. ========================================================================== Ubuntu Security Notice USN-1144-1 June 06, 2011
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
An attacker could send crafted input to the Subversion mod_dav_svn module for Apache and cause it to crash or gain access to restricted files.
Software Description: - subversion: Advanced version control system
Details:
Joe Schaefer discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain baselined WebDAV resource requests. (CVE-2011-1752)
Ivan Zhakov discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain requests. (CVE-2011-1921)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: libapache2-svn 1.6.12dfsg-4ubuntu2.1
Ubuntu 10.10: libapache2-svn 1.6.12dfsg-1ubuntu1.3
Ubuntu 10.04 LTS: libapache2-svn 1.6.6dfsg-2ubuntu1.3
After a standard system update you need to restart any applications that use Subversion, such as Apache when using mod_dav_svn, to make all the necessary changes.
References: CVE-2011-1752, CVE-2011-1783, CVE-2011-1921
Package Information: https://launchpad.net/ubuntu/+source/subversion/1.6.12dfsg-4ubuntu2.1 https://launchpad.net/ubuntu/+source/subversion/1.6.12dfsg-1ubuntu1.3 https://launchpad.net/ubuntu/+source/subversion/1.6.6dfsg-2ubuntu1.3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201106-0131",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "lt",
"trust": 1.8,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.10"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.7.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "11.04"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "14"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "15"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.6.z (server)"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux long life",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5.6 server)"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.1.z"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.1.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.0.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.0.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "0.36.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.0.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "0.37.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.1.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.0.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.0.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.0.4"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.10.2"
},
{
"model": "software foundation subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.17.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.24"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.9"
},
{
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "software foundation subversion m3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.15"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.28.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.1"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "hat enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.9"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.0"
},
{
"model": "hat enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.37"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.22.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.35.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.12"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.10.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.6"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.33.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux enterprise sdk sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20110"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.23"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.36"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.13.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.32.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.21"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.24.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.22"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.11.1"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.18.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.5"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.4"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.6"
},
{
"model": "hat enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.10.1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.4"
},
{
"model": "software foundation subversion m4/m5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.9"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.29"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.3"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.34"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.13.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.4"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.1"
},
{
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.6"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.5"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.15"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.18"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.19.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.16"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.4"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.26"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "software foundation subversion m1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.13"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.6"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.7"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.19"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "linux enterprise sdk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.33"
},
{
"model": "software foundation subversion m2",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.20"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.16.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.30"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.25"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.28.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.28"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.35"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.16"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.12"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.13"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.27"
},
{
"model": "hat enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.20.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.17"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.31"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.22.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.4"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.3"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.24.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.5"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "48091"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001721"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-021"
},
{
"db": "NVD",
"id": "CVE-2011-1752"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.6.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.7.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1752"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\u0026lt;br\u0026gt;Joe Schaefer of Apache Software Foundation, Ivan Zhakov of VisualSVN, and Kamesh Jayachandran of CollabNet.",
"sources": [
{
"db": "BID",
"id": "48091"
}
],
"trust": 0.3
},
"cve": "CVE-2011-1752",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-1752",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-49697",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-1752",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201106-021",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-49697",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49697"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001721"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-021"
},
{
"db": "NVD",
"id": "CVE-2011-1752"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. Apache Subversion is prone to multiple vulnerabilities, including two denial-of-service issues and an information-disclosure issue. \nAttackers can exploit these issues to crash the application, exhaust all memory resources, or obtain potentially sensitive information. \nVersions prior to Subversion 1.6.17 are vulnerable. \n \n The mod_dav_svn Apache HTTPD server module may in certain cenarios\n enter a logic loop which does not exit and which allocates emory in\n each iteration, ultimately exhausting all the available emory on the\n server which can lead to a DoS (Denial Of Service) (CVE-2011-1783). \n \n The mod_dav_svn Apache HTTPD server module may leak to remote users\n the file contents of files configured to be unreadable by those users\n (CVE-2011-1921). \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026amp;products_id=490\n \n The updated packages have been upgraded to the 1.6.17 version which\n is not vulnerable to these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1921\n http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n b7dcf908858e788c0321e13109163494 2009.0/i586/apache-mod_dav_svn-1.6.17-0.1mdv2009.0.i586.rpm\n c403bbd6aedcd9426dc5cf72ef56d1a9 2009.0/i586/apache-mod_dontdothat-1.6.17-0.1mdv2009.0.i586.rpm\n 2f3d2373aed96710023c6a84819731f6 2009.0/i586/libsvn0-1.6.17-0.1mdv2009.0.i586.rpm\n 2b4a273ce742b44b5a18bfaba5b9e6af 2009.0/i586/libsvnjavahl1-1.6.17-0.1mdv2009.0.i586.rpm\n e11fb3f919ab6358d3a3ac26d803715f 2009.0/i586/perl-SVN-1.6.17-0.1mdv2009.0.i586.rpm\n 745a88c6044f3cf2fda88bfc80500c1a 2009.0/i586/python-svn-1.6.17-0.1mdv2009.0.i586.rpm\n 7baab70f65cac6de36cede330f032cc5 2009.0/i586/ruby-svn-1.6.17-0.1mdv2009.0.i586.rpm\n c15bd5f296328d65f2612a61238b0f01 2009.0/i586/subversion-1.6.17-0.1mdv2009.0.i586.rpm\n b6c69f4a93490250bc4c1c29a51d0301 2009.0/i586/subversion-devel-1.6.17-0.1mdv2009.0.i586.rpm\n 6b780c034fcf7caa146ac495f74776fd 2009.0/i586/subversion-doc-1.6.17-0.1mdv2009.0.i586.rpm\n 51e8efe6c17057098eec1e9b0d9b305e 2009.0/i586/subversion-server-1.6.17-0.1mdv2009.0.i586.rpm\n f974ca62b90d4db1f3eeb0dc80a06787 2009.0/i586/subversion-tools-1.6.17-0.1mdv2009.0.i586.rpm\n 804da077e30821641755625cb9f6f545 2009.0/i586/svn-javahl-1.6.17-0.1mdv2009.0.i586.rpm \n 9ac126adb88c745c67e55630c98f1dff 2009.0/SRPMS/subversion-1.6.17-0.1mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n adf776406f42c9bb4c5928f8d16ad74f 2009.0/x86_64/apache-mod_dav_svn-1.6.17-0.1mdv2009.0.x86_64.rpm\n f35384b836889e04b9d732045deacccb 2009.0/x86_64/apache-mod_dontdothat-1.6.17-0.1mdv2009.0.x86_64.rpm\n cff7dcefaf6e8c3d0a7642a36661e803 2009.0/x86_64/lib64svn0-1.6.17-0.1mdv2009.0.x86_64.rpm\n 01019c76de0636f512bc1338a180ab1b 2009.0/x86_64/lib64svnjavahl1-1.6.17-0.1mdv2009.0.x86_64.rpm\n 74812d1b64db5301b1ed74db46dc08b6 2009.0/x86_64/perl-SVN-1.6.17-0.1mdv2009.0.x86_64.rpm\n 59e84aa6043fae46047327ac124771e9 2009.0/x86_64/python-svn-1.6.17-0.1mdv2009.0.x86_64.rpm\n 15fae543266ede69fa220419ca91bc8f 2009.0/x86_64/ruby-svn-1.6.17-0.1mdv2009.0.x86_64.rpm\n cd9be5e2b3ba9497e7f8e42a8d0181e0 2009.0/x86_64/subversion-1.6.17-0.1mdv2009.0.x86_64.rpm\n 8e14979cf0ac190035fcb0ae994fe4d8 2009.0/x86_64/subversion-devel-1.6.17-0.1mdv2009.0.x86_64.rpm\n 4c2e1922b12202697983b567638c9b92 2009.0/x86_64/subversion-doc-1.6.17-0.1mdv2009.0.x86_64.rpm\n a7e5997dc660568bafed59a7bab37578 2009.0/x86_64/subversion-server-1.6.17-0.1mdv2009.0.x86_64.rpm\n 936dc2d30cc5bb8f54b32d862af63f3d 2009.0/x86_64/subversion-tools-1.6.17-0.1mdv2009.0.x86_64.rpm\n e40d82e0b13a180d2a3c2ed2cd356e52 2009.0/x86_64/svn-javahl-1.6.17-0.1mdv2009.0.x86_64.rpm \n 9ac126adb88c745c67e55630c98f1dff 2009.0/SRPMS/subversion-1.6.17-0.1mdv2009.0.src.rpm\n\n Mandriva Linux 2010.1:\n 809c8316c0cf26a1aa7a26260ebd556b 2010.1/i586/apache-mod_dav_svn-1.6.17-0.1mdv2010.2.i586.rpm\n 1c5aa3316d62eb40cbda3e91b5a0dead 2010.1/i586/apache-mod_dontdothat-1.6.17-0.1mdv2010.2.i586.rpm\n 680745e35e66433826514dc65f748597 2010.1/i586/libsvn0-1.6.17-0.1mdv2010.2.i586.rpm\n 2e523e3262c4fa0d918f6667c8c00bf1 2010.1/i586/libsvn-gnome-keyring0-1.6.17-0.1mdv2010.2.i586.rpm\n 5b8802e18a6e594676823ec01348143b 2010.1/i586/libsvnjavahl1-1.6.17-0.1mdv2010.2.i586.rpm\n 2d9d773efd8a108b59dd774d6030681e 2010.1/i586/libsvn-kwallet0-1.6.17-0.1mdv2010.2.i586.rpm\n 786cd1f13ee58d23e8246b37991f3a4c 2010.1/i586/perl-SVN-1.6.17-0.1mdv2010.2.i586.rpm\n f718ab77c2b5c77e2b49b38604f4663f 2010.1/i586/python-svn-1.6.17-0.1mdv2010.2.i586.rpm\n e006b5cef023e652caf2281a197e848a 2010.1/i586/ruby-svn-1.6.17-0.1mdv2010.2.i586.rpm\n a7f25d127ad47dde81e72f947a425311 2010.1/i586/subversion-1.6.17-0.1mdv2010.2.i586.rpm\n 2e8997143a4e9caccd531496b3d01acc 2010.1/i586/subversion-devel-1.6.17-0.1mdv2010.2.i586.rpm\n 1102fa83a4d71bb78410fcf52e240a6a 2010.1/i586/subversion-doc-1.6.17-0.1mdv2010.2.i586.rpm\n f7d57f0fb38326ef4a94f17ece68071e 2010.1/i586/subversion-server-1.6.17-0.1mdv2010.2.i586.rpm\n 371566535452839fd3f56d0fd1949083 2010.1/i586/subversion-tools-1.6.17-0.1mdv2010.2.i586.rpm\n 1625168460442b3044986aec02642ceb 2010.1/i586/svn-javahl-1.6.17-0.1mdv2010.2.i586.rpm \n 3186570aa3e04f22d98a28e75a394710 2010.1/SRPMS/subversion-1.6.17-0.1mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 5e499d3c40941455d1b37dbf5773991e 2010.1/x86_64/apache-mod_dav_svn-1.6.17-0.1mdv2010.2.x86_64.rpm\n 0aa267a7b319e2a30960ee2a5414d80e 2010.1/x86_64/apache-mod_dontdothat-1.6.17-0.1mdv2010.2.x86_64.rpm\n 35cdd975fcec1b990d51bdb9f1714bf4 2010.1/x86_64/lib64svn0-1.6.17-0.1mdv2010.2.x86_64.rpm\n 4278a8f843fb04cd2850eaa64cb0f568 2010.1/x86_64/lib64svn-gnome-keyring0-1.6.17-0.1mdv2010.2.x86_64.rpm\n d2c973cce463ac11b543c93e70c8aed9 2010.1/x86_64/lib64svnjavahl1-1.6.17-0.1mdv2010.2.x86_64.rpm\n 80302dffc3708392c44c71e8beb5318c 2010.1/x86_64/lib64svn-kwallet0-1.6.17-0.1mdv2010.2.x86_64.rpm\n 326ef2d296d29e081afb3191af5212ef 2010.1/x86_64/perl-SVN-1.6.17-0.1mdv2010.2.x86_64.rpm\n 3ebaa0c7e51c6607cbb15d032793126c 2010.1/x86_64/python-svn-1.6.17-0.1mdv2010.2.x86_64.rpm\n 7fac98a4b1457fdd628c0f9ac342497a 2010.1/x86_64/ruby-svn-1.6.17-0.1mdv2010.2.x86_64.rpm\n 5291fcc25554166520cab2642fbdf166 2010.1/x86_64/subversion-1.6.17-0.1mdv2010.2.x86_64.rpm\n 8b18da0f0e6e8a39f56774395c73eb21 2010.1/x86_64/subversion-devel-1.6.17-0.1mdv2010.2.x86_64.rpm\n 5e645e03996129bb649ca39a24a09496 2010.1/x86_64/subversion-doc-1.6.17-0.1mdv2010.2.x86_64.rpm\n ceb52200e4ebfeadec2d48c2c7b5fd4d 2010.1/x86_64/subversion-server-1.6.17-0.1mdv2010.2.x86_64.rpm\n 95aff7b1b38a5a26a58b44e3984d3d89 2010.1/x86_64/subversion-tools-1.6.17-0.1mdv2010.2.x86_64.rpm\n 968576b20dd363a6899c4c7eefe8b614 2010.1/x86_64/svn-javahl-1.6.17-0.1mdv2010.2.x86_64.rpm \n 3186570aa3e04f22d98a28e75a394710 2010.1/SRPMS/subversion-1.6.17-0.1mdv2010.2.src.rpm\n\n Corporate 4.0:\n b424fc4dea5b090cc831a9b26996bb72 corporate/4.0/i586/apache-mod_dav_svn-1.6.17-0.1.20060mlcs4.i586.rpm\n 66fd3f68ab4e67043c7bb06bf0f5aaeb corporate/4.0/i586/apache-mod_dontdothat-1.6.17-0.1.20060mlcs4.i586.rpm\n cc441dda9a371692b8412af0c0b994b8 corporate/4.0/i586/libsvn0-1.6.17-0.1.20060mlcs4.i586.rpm\n f6005206e732c2f8484e6d49e4b26145 corporate/4.0/i586/perl-SVN-1.6.17-0.1.20060mlcs4.i586.rpm\n ed2db70bc8a07fe65980e4ca57abb682 corporate/4.0/i586/python-svn-1.6.17-0.1.20060mlcs4.i586.rpm\n ea7940a13e22f15181076d9fda196b3c corporate/4.0/i586/subversion-1.6.17-0.1.20060mlcs4.i586.rpm\n 93a99bf395142992eb853fde5ea11df0 corporate/4.0/i586/subversion-devel-1.6.17-0.1.20060mlcs4.i586.rpm\n 9498abb347b8bda55c0d16eb24b632d8 corporate/4.0/i586/subversion-doc-1.6.17-0.1.20060mlcs4.i586.rpm\n 0417594b6d75639b515d6154494bd982 corporate/4.0/i586/subversion-server-1.6.17-0.1.20060mlcs4.i586.rpm\n 9e8f089fbf491f5461b4cd3adf352105 corporate/4.0/i586/subversion-tools-1.6.17-0.1.20060mlcs4.i586.rpm \n 229c77a2d2172dbb17cc496d169e8dec corporate/4.0/SRPMS/subversion-1.6.17-0.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n e992b482857ea06a007d88357fb5000b corporate/4.0/x86_64/apache-mod_dav_svn-1.6.17-0.1.20060mlcs4.x86_64.rpm\n 60c10a01326c435570ff1c009de7e545 corporate/4.0/x86_64/apache-mod_dontdothat-1.6.17-0.1.20060mlcs4.x86_64.rpm\n 3c9826dc51d1a6b6289a8c123edb4803 corporate/4.0/x86_64/lib64svn0-1.6.17-0.1.20060mlcs4.x86_64.rpm\n 061c8703b664f7243d57c36f560c037c corporate/4.0/x86_64/perl-SVN-1.6.17-0.1.20060mlcs4.x86_64.rpm\n ba61070e3084b50f3d3196911ee9004b corporate/4.0/x86_64/python-svn-1.6.17-0.1.20060mlcs4.x86_64.rpm\n e87e651ac237c9425e1a2650f9761fe9 corporate/4.0/x86_64/subversion-1.6.17-0.1.20060mlcs4.x86_64.rpm\n feb1ad3849b68b49b38e124db0b0d633 corporate/4.0/x86_64/subversion-devel-1.6.17-0.1.20060mlcs4.x86_64.rpm\n a0ed185c8c0aa4e4b0186f8aa08dc6b4 corporate/4.0/x86_64/subversion-doc-1.6.17-0.1.20060mlcs4.x86_64.rpm\n 0d9bdee90a50428480922d2e882f6fe3 corporate/4.0/x86_64/subversion-server-1.6.17-0.1.20060mlcs4.x86_64.rpm\n e5afc579bb3fbc44509241e010549e53 corporate/4.0/x86_64/subversion-tools-1.6.17-0.1.20060mlcs4.x86_64.rpm \n 229c77a2d2172dbb17cc496d169e8dec corporate/4.0/SRPMS/subversion-1.6.17-0.1.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n d8165cb83dada65ebc80808c55c99f5d mes5/i586/apache-mod_dav_svn-1.6.17-0.1mdvmes5.2.i586.rpm\n 5e653275497d01bab284741d509fcc20 mes5/i586/apache-mod_dontdothat-1.6.17-0.1mdvmes5.2.i586.rpm\n 93ce20f3fc00bf2b0d2136b7c35538ed mes5/i586/libsvn0-1.6.17-0.1mdvmes5.2.i586.rpm\n c8602d9ca59963d8f288d7c1ea718cb3 mes5/i586/libsvnjavahl1-1.6.17-0.1mdvmes5.2.i586.rpm\n f148fab1eedbcf9a9f19d3e60c6cfadf mes5/i586/perl-SVN-1.6.17-0.1mdvmes5.2.i586.rpm\n d631ac32c1563680d7c5cc9bcbfcfb6b mes5/i586/python-svn-1.6.17-0.1mdvmes5.2.i586.rpm\n 06f830bce3b8e01f2fd40b5c637ab986 mes5/i586/ruby-svn-1.6.17-0.1mdvmes5.2.i586.rpm\n 357ceb371acfcd3eb9cd88caa107a53b mes5/i586/subversion-1.6.17-0.1mdvmes5.2.i586.rpm\n b3aa7097cb52e07a775653d822aa7dba mes5/i586/subversion-devel-1.6.17-0.1mdvmes5.2.i586.rpm\n 798e56237c5ea86ad3f78dc28efe5872 mes5/i586/subversion-doc-1.6.17-0.1mdvmes5.2.i586.rpm\n 973d3c726f9d0c502acfeacad69ac614 mes5/i586/subversion-server-1.6.17-0.1mdvmes5.2.i586.rpm\n 46f2b4d4539d7da8848a182a9b28afbd mes5/i586/subversion-tools-1.6.17-0.1mdvmes5.2.i586.rpm\n 56254352fdc6c10f56e03b8a50089105 mes5/i586/svn-javahl-1.6.17-0.1mdvmes5.2.i586.rpm \n c036e0758d2b25ecaf2b2773306dc9f1 mes5/SRPMS/subversion-1.6.17-0.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n e41d3cd15e340df2903d1ae5fcaa958e mes5/x86_64/apache-mod_dav_svn-1.6.17-0.1mdvmes5.2.x86_64.rpm\n d84d598685b49e33b29b99e73bd25e61 mes5/x86_64/apache-mod_dontdothat-1.6.17-0.1mdvmes5.2.x86_64.rpm\n 67cc1d9ac7ac69fa494bb3c0c3ab1b24 mes5/x86_64/lib64svn0-1.6.17-0.1mdvmes5.2.x86_64.rpm\n 0c93407253c6456cf47ac40fdf903ae0 mes5/x86_64/lib64svnjavahl1-1.6.17-0.1mdvmes5.2.x86_64.rpm\n 9662f86183093a782ff143ff1c3f61a8 mes5/x86_64/perl-SVN-1.6.17-0.1mdvmes5.2.x86_64.rpm\n 74879ef216a0286b463c8713e1045b43 mes5/x86_64/python-svn-1.6.17-0.1mdvmes5.2.x86_64.rpm\n 032060ecadfbfaff5c94a2df6b7b1157 mes5/x86_64/ruby-svn-1.6.17-0.1mdvmes5.2.x86_64.rpm\n 4ca2ddde563edde87e5864e419db655b mes5/x86_64/subversion-1.6.17-0.1mdvmes5.2.x86_64.rpm\n a7690a8ee3c367539958d740bd885252 mes5/x86_64/subversion-devel-1.6.17-0.1mdvmes5.2.x86_64.rpm\n 6b1d4297f49e1703a69e5c73ee380686 mes5/x86_64/subversion-doc-1.6.17-0.1mdvmes5.2.x86_64.rpm\n 316dc293f1c4871b9833ecffc7e809b0 mes5/x86_64/subversion-server-1.6.17-0.1mdvmes5.2.x86_64.rpm\n d644829032a7bf93945ef6376cf1ed9c mes5/x86_64/subversion-tools-1.6.17-0.1mdvmes5.2.x86_64.rpm\n b25e044ca25e3891dfd4699b94bc10e2 mes5/x86_64/svn-javahl-1.6.17-0.1mdvmes5.2.x86_64.rpm \n c036e0758d2b25ecaf2b2773306dc9f1 mes5/SRPMS/subversion-1.6.17-0.1mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFN6cg2mqjQ0CJFipgRAqj2AKCRyKt813e0OmWSTU5bL58KCmUwowCfT6RY\nDDOtowgSctAg4EX+tLXIvRQ=\n=zsmM\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001\n\nOS X Lion v10.7.3 and Security Update 2012-001 is now available and\naddresses the following:\n\nAddress Book\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: An attacker in a privileged network position may intercept\nCardDAV data\nDescription: Address Book supports Secure Sockets Layer (SSL) for\naccessing CardDAV. A downgrade issue caused Address Book to attempt\nan unencrypted connection if an encrypted connection failed. An\nattacker in a privileged network position could abuse this behavior\nto intercept CardDAV data. This issue is addressed by not downgrading\nto an unencrypted connection without user approval. \nCVE-ID\nCVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation\n\nApache\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in Apache\nDescription: Apache is updated to version 2.2.21 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. Further information is available via the Apache web site at\nhttp://httpd.apache.org/\nCVE-ID\nCVE-2011-3348\n\nApache\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nApache disabled the \u0027empty fragment\u0027 countermeasure which prevented\nthese attacks. This issue is addressed by providing a configuration\nparameter to control the countermeasure and enabling it by default. \nCVE-ID\nCVE-2011-3389\n\nCFNetwork\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in CFNetwork\u0027s handling of malformed\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\nthe request to an incorrect origin server. This issue does not affect\nsystems prior to OS X Lion. \nCVE-ID\nCVE-2011-3246 : Erling Ellingsen of Facebook\n\nCFNetwork\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in CFNetwork\u0027s handling of malformed\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\nunexpected request headers. This issue does not affect systems prior\nto OS X Lion. \nCVE-ID\nCVE-2011-3447 : Erling Ellingsen of Facebook\n\nColorSync\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted image with an embedded\nColorSync profile may lead to an unexpected application termination\nor arbitrary code execution\nDescription: An integer overflow existed in the handling of images\nwith an embedded ColorSync profile, which may lead to a heap buffer\noverflow. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-0200 : binaryproof working with TippingPoint\u0027s Zero Day\nInitiative\n\nCoreAudio\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Playing maliciously crafted audio content may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of AAC\nencoded audio streams. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-3252 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nCoreMedia\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in CoreMedia\u0027s handling\nof H.264 encoded movie files. \nCVE-ID\nCVE-2011-3448 : Scott Stender of iSEC Partners\n\nCoreText\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to an unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue existed in the handling of font\nfiles. \nCVE-ID\nCVE-2011-3449 : Will Dormann of the CERT/CC\n\nCoreUI\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a malicious website may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: An unbounded stack allocation issue existed in the\nhandling of long URLs. This issue does not affect systems prior to OS\nX Lion. \nCVE-ID\nCVE-2011-3450 : Ben Syverson\n\ncurl\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: A remote server may be able to impersonate clients via\nGSSAPI requests\nDescription: When doing GSSAPI authentication, libcurl\nunconditionally performs credential delegation. This issue is\naddressed by disabling GSSAPI credential delegation. \nCVE-ID\nCVE-2011-2192\n\nData Security\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: Two certificate authorities in the list of trusted root\ncertificates have independently issued intermediate certificates to\nDigiCert Malaysia. DigiCert Malaysia has issued certificates with\nweak keys that it is unable to revoke. An attacker with a privileged\nnetwork position could intercept user credentials or other sensitive\ninformation intended for a site with a certificate issued by DigiCert\nMalaysia. This issue is addressed by configuring default system trust\nsettings so that DigiCert Malaysia\u0027s certificates are not trusted. We\nwould like to acknowledge Bruce Morton of Entrust, Inc. for reporting\nthis issue. \n\ndovecot\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nDovecot disabled the \u0027empty fragment\u0027 countermeasure which prevented\nthese attacks. This issue is addressed by enabling the\ncountermeasure. \nCVE-ID\nCVE-2011-3389 : Apple\n\nfilecmds\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Decompressing a maliciously crafted compressed file may lead\nto an unexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the \u0027uncompress\u0027 command\nline tool. \nCVE-ID\nCVE-2011-2895\n\nImageIO\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted TIFF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in ImageIO\u0027s handling of\nCCITT Group 4 encoded TIFF files. This issue does not affect OS X\nLion systems. \nCVE-ID\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\n\nImageIO\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted TIFF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in libtiff\u0027s handling of\nThunderScan encoded TIFF images. This issue is address by updating\nlibtiff to version 3.9.5. \nCVE-ID\nCVE-2011-1167\n\nImageIO\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in libpng 1.5.4\nDescription: libpng is updated to version 1.5.5 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-3328\n\nInternet Sharing\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: A Wi-Fi network created by Internet Sharing may lose\nsecurity settings after a system update\nDescription: After updating to a version of OS X Lion prior to\n10.7.3, the Wi-Fi configuration used by Internet Sharing may revert\nto factory defaults, which disables the WEP password. This issue only\naffects systems with Internet Sharing enabled and sharing the\nconnection to Wi-Fi. This issue is addressed by preserving the Wi-Fi\nconfiguration during a system update. \nCVE-ID\nCVE-2011-3452 : an anonymous researcher\n\nLibinfo\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in Libinfo\u0027s handling of hostname\nlookup requests. Libinfo could return incorrect results for a\nmaliciously crafted hostname. This issue does not affect systems\nprior to OS X Lion. \nCVE-ID\nCVE-2011-3441 : Erling Ellingsen of Facebook\n\nlibresolv\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Applications that use OS X\u0027s libresolv library may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: An integer overflow existed in the parsing of DNS\nresource records, which may lead to heap memory corruption. \nCVE-ID\nCVE-2011-3453 : Ilja van Sprundel of IOActive\n\nlibsecurity\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Some EV certificates may be trusted even if the\ncorresponding root has been marked as untrusted\nDescription: The certificate code trusted a root certificate to sign\nEV certificates if it was on the list of known EV issuers, even if\nthe user had marked it as \u0027Never Trust\u0027 in Keychain. The root would\nnot be trusted to sign non-EV certificates. \nCVE-ID\nCVE-2011-3422 : Alastair Houghton\n\nOpenGL\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Applications that use OS X\u0027s OpenGL implementation may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues existed in the\nhandling of GLSL compilation. \nCVE-ID\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\nMarc Schoenefeld of the Red Hat Security Response Team\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in PHP 5.3.6\nDescription: PHP is updated to version 5.3.8 to address several\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the PHP web site at\nhttp://www.php.net\nCVE-ID\nCVE-2011-1148\nCVE-2011-1657\nCVE-2011-1938\nCVE-2011-2202\nCVE-2011-2483\nCVE-2011-3182\nCVE-2011-3189\nCVE-2011-3267\nCVE-2011-3268\n\nPHP\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in FreeType\u0027s\nhandling of Type 1 fonts. This issue is addressed by updating\nFreeType to version 2.4.7. Further information is available via the\nFreeType site at http://www.freetype.org/\nCVE-ID\nCVE-2011-3256 : Apple\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in libpng 1.5.4\nDescription: libpng is updated to version 1.5.5 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-3328\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Opening a maliciously crafted MP4 encoded file may lead to\nan unexpected application termination or arbitrary code execution\nDescription: An uninitialized memory access issue existed in the\nhandling of MP4 encoded files. \nCVE-ID\nCVE-2011-3458 : Luigi Auriemma and pa_kt both working with\nTippingPoint\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in the handling of font\ntables embedded in QuickTime movie files. \nCVE-ID\nCVE-2011-3248 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An off by one buffer overflow existed in the handling\nof rdrf atoms in QuickTime movie files. \nCVE-ID\nCVE-2011-3459 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted JPEG2000 image file may lead\nto an unexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JPEG2000\nfiles. \nCVE-ID\nCVE-2011-3250 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Processing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of PNG files. \nCVE-ID\nCVE-2011-3460 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of FLC\nencoded movie files\nCVE-ID\nCVE-2011-3249 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nSquirrelMail\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in SquirrelMail\nDescription: SquirrelMail is updated to version 1.4.22 to address\nseveral vulnerabilities, the most serious of which is a cross-site\nscripting issue. This issue does not affect OS X Lion systems. \nFurther information is available via the SquirrelMail web site at\nhttp://www.SquirrelMail.org/\nCVE-ID\nCVE-2010-1637\nCVE-2010-2813\nCVE-2010-4554\nCVE-2010-4555\nCVE-2011-2023\n\nSubversion\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Accessing a Subversion repository may lead to the disclosure\nof sensitive information\nDescription: Subversion is updated to version 1.6.17 to address\nmultiple vulnerabilities, the most serious of which may lead to the\ndisclosure of sensitive information. Further information is available\nvia the Subversion web site at http://subversion.tigris.org/\nCVE-ID\nCVE-2011-1752\nCVE-2011-1783\nCVE-2011-1921\n\nTime Machine\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: A remote attacker may access new backups created by the\nuser\u0027s system\nDescription: The user may designate a remote AFP volume or Time\nCapsule to be used for Time Machine backups. Time Machine did not\nverify that the same device was being used for subsequent backup\noperations. An attacker who is able to spoof the remote volume could\ngain access to new backups created by the user\u0027s system. This issue\nis addressed by verifying the unique identifier associated with a\ndisk for backup operations. \nCVE-ID\nCVE-2011-3462 : Michael Roitzsch of the Technische Universitat\nDresden\n\nTomcat\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in Tomcat 6.0.32\nDescription: Tomcat is updated to version 6.0.33 to address multiple\nvulnerabilities, the most serious of which may lead to the disclosure\nof sensitive information. Tomcat is only provided on Mac OS X Server\nsystems. This issue does not affect OS X Lion systems. Further\ninformation is available via the Tomcat site at\nhttp://tomcat.apache.org/\nCVE-ID\nCVE-2011-2204\n\nWebDAV Sharing\nAvailable for: OS X Lion Server v10.7 to v10.7.2\nImpact: Local users may obtain system privileges\nDescription: An issue existed in WebDAV Sharing\u0027s handling of user\nauthentication. A user with a valid account on the server or one of\nits bound directories could cause the execution of arbitrary code\nwith system privileges. This issue does not affect systems prior to\nOS X Lion. \nCVE-ID\nCVE-2011-3463 : Gordon Davisson of Crywolf\n\nWebmail\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted e-mail message may lead to the\ndisclosure of message content\nDescription: A cross-site scripting vulnerability existed in the\nhandling of mail messages. This issue is addressed by updating\nRoundcube Webmail to version 0.6. This issue does not affect systems\nprior to OS X Lion. Further information is available via the\nRoundcube site at http://trac.roundcube.net/\nCVE-ID\nCVE-2011-2937\n\nX11\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in FreeType\u0027s\nhandling of Type 1 fonts. This issue is addressed by updating\nFreeType to version 2.4.7. Further information is available via the\nFreeType site at http://www.freetype.org/\nCVE-ID\nCVE-2011-3256 : Apple\n\nOS X Lion v10.7.3 and Security Update 2012-001 may be obtained from\nthe Software Update pane in System Preferences, or Apple\u0027s Software\nDownloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nSecurity Update 2021-001 or OS X v10.7.3. \n\nFor OS X Lion v10.7.2\nThe download file is named: MacOSXUpd10.7.3.dmg\nIts SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c\n\nFor OS X Lion v10.7 and v10.7.1\nThe download file is named: MacOSXUpdCombo10.7.3.dmg\nIts SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c\n\nFor OS X Lion Server v10.7.2\nThe download file is named: MacOSXServerUpd10.7.3.dmg\nIts SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d\n\nFor OS X Lion Server v10.7 and v10.7.1\nThe download file is named: MacOSXServerUpdCombo10.7.3.dmg\nIts SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2012-001Snow.dmg\nIts SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2012-001.dmg\nIts SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V\nP6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp\nRrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy\n9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf\nMnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E\npvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo=\n=c1eU\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nApache Subversion mod_dav_svn Two Denial of Service Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44681\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44681/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44681\n\nRELEASE DATE:\n2011-06-02\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44681/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44681/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44681\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Apache Subversion, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\n2) An error within the mod_dav_svn module when handling certain\npath-based access control rules can be exploited to trigger an\ninfinite loop and exhaust memory. \n\nNOTE: A weakness in the handling of path-based access control rules,\nwhich could result in certain unreadable files and directories\nbecoming readable has also been reported. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Reported by the vendor\n2) The vendor credits Ivan Zhakov, VisualSVN. \n\nORIGINAL ADVISORY:\nhttp://subversion.apache.org/security/CVE-2011-1752-advisory.txt\nhttp://subversion.apache.org/security/CVE-2011-1783-advisory.txt\nhttp://subversion.apache.org/security/CVE-2011-1921-advisory.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201309-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Subversion: Multiple vulnerabilities\n Date: September 23, 2013\n Bugs: #350166, #356741, #369065, #463728, #463860, #472202, #482166\n ID: 201309-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Subversion, allowing\nattackers to cause a Denial of Service, escalate privileges, or obtain\nsensitive information. \n\nBackground\n==========\n\nSubversion is a versioning system designed to be a replacement for CVS. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-vcs/subversion \u003c 1.7.13 \u003e= 1.7.13\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Subversion. Please\nreview the CVE identifiers referenced below for details. A local attacker could escalate his privileges\nto the user running svnserve. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Subversion users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/subversion-1.7.13\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-4539\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4539\n[ 2 ] CVE-2010-4644\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4644\n[ 3 ] CVE-2011-0715\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0715\n[ 4 ] CVE-2011-1752\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1752\n[ 5 ] CVE-2011-1783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1783\n[ 6 ] CVE-2011-1921\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1921\n[ 7 ] CVE-2013-1845\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1845\n[ 8 ] CVE-2013-1846\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1846\n[ 9 ] CVE-2013-1847\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1847\n[ 10 ] CVE-2013-1849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1849\n[ 11 ] CVE-2013-1884\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1884\n[ 12 ] CVE-2013-1968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1968\n[ 13 ] CVE-2013-2088\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2088\n[ 14 ] CVE-2013-2112\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2112\n[ 15 ] CVE-2013-4131\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4131\n[ 16 ] CVE-2013-4277\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4277\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201309-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2011-1752\n\n The mod_dav_svn Apache HTTPD server module can be crashed though\n when asked to deliver baselined WebDAV resources. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.5.1dfsg1-7. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.12dfsg-6. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.17dfsg-1. \n\nWe recommend that you upgrade your subversion packages. ==========================================================================\nUbuntu Security Notice USN-1144-1\nJune 06, 2011\n\nsubversion vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nAn attacker could send crafted input to the Subversion mod_dav_svn module\nfor Apache and cause it to crash or gain access to restricted files. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nJoe Schaefer discovered that the Subversion mod_dav_svn module for Apache\ndid not properly handle certain baselined WebDAV resource requests. (CVE-2011-1752)\n\nIvan Zhakov discovered that the Subversion mod_dav_svn module for Apache\ndid not properly handle certain requests. (CVE-2011-1921)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.04:\n libapache2-svn 1.6.12dfsg-4ubuntu2.1\n\nUbuntu 10.10:\n libapache2-svn 1.6.12dfsg-1ubuntu1.3\n\nUbuntu 10.04 LTS:\n libapache2-svn 1.6.6dfsg-2ubuntu1.3\n\nAfter a standard system update you need to restart any applications that\nuse Subversion, such as Apache when using mod_dav_svn, to make all the\nnecessary changes. \n\nReferences:\n CVE-2011-1752, CVE-2011-1783, CVE-2011-1921\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/subversion/1.6.12dfsg-4ubuntu2.1\n https://launchpad.net/ubuntu/+source/subversion/1.6.12dfsg-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/subversion/1.6.6dfsg-2ubuntu1.3\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1752"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001721"
},
{
"db": "BID",
"id": "48091"
},
{
"db": "VULHUB",
"id": "VHN-49697"
},
{
"db": "PACKETSTORM",
"id": "102004"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "101937"
},
{
"db": "PACKETSTORM",
"id": "123358"
},
{
"db": "PACKETSTORM",
"id": "101948"
},
{
"db": "PACKETSTORM",
"id": "102034"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-1752",
"trust": 3.4
},
{
"db": "BID",
"id": "48091",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "44681",
"trust": 2.7
},
{
"db": "SECTRACK",
"id": "1025617",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "44633",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44879",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44849",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44888",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "45162",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001721",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201106-021",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "101948",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "102034",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "102004",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "102112",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102118",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-49697",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109373",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101937",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123358",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49697"
},
{
"db": "BID",
"id": "48091"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001721"
},
{
"db": "PACKETSTORM",
"id": "102004"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "101937"
},
{
"db": "PACKETSTORM",
"id": "123358"
},
{
"db": "PACKETSTORM",
"id": "101948"
},
{
"db": "PACKETSTORM",
"id": "102034"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-021"
},
{
"db": "NVD",
"id": "CVE-2011-1752"
}
]
},
"id": "VAR-201106-0131",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-49697"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:32:07.409000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "subversion-1.6.11-7.AXS3.4",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1454"
},
{
"title": "2231",
"trust": 0.8,
"url": "https://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2231"
},
{
"title": "RHSA-2011:0861",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0861.html"
},
{
"title": "RHSA-2011:0862",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0862.html"
},
{
"title": "CVE-2011-1752-advisory",
"trust": 0.8,
"url": "http://subversion.apache.org/security/cve-2011-1752-advisory.txt"
},
{
"title": "Subversion 1.6.17 Released",
"trust": 0.8,
"url": "http://svn.haxx.se/dev/archive-2011-06/0030.shtml"
},
{
"title": "Apache Subversion mod_dav_svn Repair measures for null pointer dereference vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129502"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001721"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-021"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49697"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001721"
},
{
"db": "NVD",
"id": "CVE-2011-1752"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://secunia.com/advisories/44681"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/48091"
},
{
"trust": 2.1,
"url": "http://subversion.apache.org/security/cve-2011-1752-advisory.txt"
},
{
"trust": 1.8,
"url": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/changes"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1025617"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44633"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44849"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44879"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44888"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/45162"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2011/dsa-2251"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-july/062211.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-june/061913.html"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:106"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0861.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0862.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-1144-1"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht5130"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709111"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18922"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1752"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1752"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id/1025617"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1752"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1783"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1921"
},
{
"trust": 0.4,
"url": "http://subversion.apache.org/security/cve-2011-1783-advisory.txt"
},
{
"trust": 0.4,
"url": "http://subversion.apache.org/security/cve-2011-1921-advisory.txt"
},
{
"trust": 0.3,
"url": "http://subversion.apache.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100141174"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1783"
},
{
"trust": 0.1,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1921"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.1,
"url": "http://www.php.net"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1148"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3182"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3249"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0200"
},
{
"trust": 0.1,
"url": "http://trac.roundcube.net/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3256"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2202"
},
{
"trust": 0.1,
"url": "http://www.freetype.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2895"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0241"
},
{
"trust": 0.1,
"url": "http://www.squirrelmail.org/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1938"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.1,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1657"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3246"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2937"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1637"
},
{
"trust": 0.1,
"url": "http://subversion.tigris.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3189"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://conference.first.org/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44681"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44681/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44681/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1849"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1846"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4277"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2088"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4539"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1849"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0715"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4644"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4131"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1847"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1845"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1884"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1921"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4644"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201309-11.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4131"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4277"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1783"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.12dfsg-4ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.6dfsg-2ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.12dfsg-1ubuntu1.3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49697"
},
{
"db": "BID",
"id": "48091"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001721"
},
{
"db": "PACKETSTORM",
"id": "102004"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "101937"
},
{
"db": "PACKETSTORM",
"id": "123358"
},
{
"db": "PACKETSTORM",
"id": "101948"
},
{
"db": "PACKETSTORM",
"id": "102034"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-021"
},
{
"db": "NVD",
"id": "CVE-2011-1752"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-49697"
},
{
"db": "BID",
"id": "48091"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001721"
},
{
"db": "PACKETSTORM",
"id": "102004"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "101937"
},
{
"db": "PACKETSTORM",
"id": "123358"
},
{
"db": "PACKETSTORM",
"id": "101948"
},
{
"db": "PACKETSTORM",
"id": "102034"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-021"
},
{
"db": "NVD",
"id": "CVE-2011-1752"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-06T00:00:00",
"db": "VULHUB",
"id": "VHN-49697"
},
{
"date": "2011-06-02T00:00:00",
"db": "BID",
"id": "48091"
},
{
"date": "2011-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001721"
},
{
"date": "2011-06-04T16:01:34",
"db": "PACKETSTORM",
"id": "102004"
},
{
"date": "2012-02-03T00:24:52",
"db": "PACKETSTORM",
"id": "109373"
},
{
"date": "2011-06-02T05:38:07",
"db": "PACKETSTORM",
"id": "101937"
},
{
"date": "2013-09-23T22:22:00",
"db": "PACKETSTORM",
"id": "123358"
},
{
"date": "2010-06-02T12:12:00",
"db": "PACKETSTORM",
"id": "101948"
},
{
"date": "2011-06-07T01:37:58",
"db": "PACKETSTORM",
"id": "102034"
},
{
"date": "2011-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-021"
},
{
"date": "2011-06-06T19:55:01.550000",
"db": "NVD",
"id": "CVE-2011-1752"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-49697"
},
{
"date": "2015-05-07T17:04:00",
"db": "BID",
"id": "48091"
},
{
"date": "2011-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001721"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-021"
},
{
"date": "2020-10-05T19:04:39.857000",
"db": "NVD",
"id": "CVE-2011-1752"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "102004"
},
{
"db": "PACKETSTORM",
"id": "102034"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-021"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion Used in Apache HTTP Server Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001721"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201106-021"
}
],
"trust": 0.6
}
}
VAR-201508-0171
Vulnerability from variot - Updated: 2024-02-13 22:08mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Apache Subversion is prone to an information-disclosure vulnerability. Successfully exploiting this issue can allow an attacker to obtain sensitive information that may aid in launching further attacks. The system is compatible with the Concurrent Versions System (CVS). ============================================================================ Ubuntu Security Notice USN-2721-1 August 20, 2015
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description: - subversion: Advanced version control system
Details:
It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580)
It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108)
Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)
Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. (CVE-2015-0248)
Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. (CVE-2015-0251)
C. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)
C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. (CVE-2015-3187)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: libapache2-svn 1.8.10-5ubuntu1.1 libsvn1 1.8.10-5ubuntu1.1 subversion 1.8.10-5ubuntu1.1
Ubuntu 14.04 LTS: libapache2-svn 1.8.8-1ubuntu3.2 libsvn1 1.8.8-1ubuntu3.2 subversion 1.8.8-1ubuntu3.2
Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.5 libsvn1 1.6.17dfsg-3ubuntu3.5 subversion 1.6.17dfsg-3ubuntu3.5
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-4 Xcode 7.3
Xcode 7.3 is now available and addresses the following:
otool Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1765 : Proteas of Qihoo 360 Nirvan Team and Will Estes (@squiffy)
subversion Available for: OS X El Capitan v10.11 and later Impact: A malicious server may be able to execute arbitrary code Description: Multiple vulnerabilities existed in subversion versions prior to 1.7.21, the most serious of which may have led to remote code execution. These were addressed by updating subversion to version 1.7.22. Michael Pilato, CollabNet
Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "7.3".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQAAAoJEBcWfLTuOo7tO6gQAJAW+kXp0TuFMDT6xHo2YVIq OiRdtYYsaQ0vLXHhDFQP+8uXPSz6KnunxKYZhA3JsSIjXZcv+O0Vw9hP/5A3/nj8 vXYCFmVW9m7rse4k7m117PYdPuKuWtAvDU19b7B2/vPsrv1R6C5R+jZj7hi9Vp2T 4Vx4oLeXCAhzpuDNfvtnyI756b8j63si2eSMSIPp+smQl4RKWtEJEAX5yHkDpeyl cuCHiEbwx4+UomEp5jpOPGjcmohjpTrbBJE8hH/k6W85bBj+rhBPJoBAYafW7nHt 6uokIgZtU59ZEAwC8hme0vzApINfslV1fiJk1HN/rP6Cp+ptdIZGL8zydmzIh7yq gEnfcEEhD2TTkJYnt22l42ZtCDsGJkFBF/r77EHmYWUJfmR4a4Jismp4sGGPgZ12 OitRfBzojK1+Ah6tkYV2LKIfjstprBTRZdz0XKQtjgAwfgktAalrWiibZs2zBNF5 UfZKAsM3Qc9RBK5pNQpGMlrHQtnFdD74Df4TYRlSuKZRO5DLr0STDeHXQfn4Ti/9 8+ZifqggFuWBfh5es4EFdcpxRRqWI9OKOdgQ0Oc5tXwIyAlOshxNuP3qAgVQzwwd COicsW/1HsUoaopDuf+bzDcJPL/L9H3SRYfg4S/uv5JOjoaPr0pQC8mUfR25dZAw cU0NiqyyiqU1H29UaU50 =9aiD -----END PGP SIGNATURE----- .
Gentoo Linux Security Advisory GLSA 201610-05
https://security.gentoo.org/
Severity: Normal Title: Subversion, Serf: Multiple Vulnerabilities Date: October 11, 2016 Bugs: #500482, #518716, #519202, #545348, #556076, #567810, #581448, #586046 ID: 201610-05
Synopsis
Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code.
Background
Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS's :ext: method). In addition to supporting the features found in CVS, Subversion also provides support for moving and copying files and directories.
The serf library is a high performance C-based HTTP client library built upon the Apache Portable Runtime (APR) library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/subversion < 1.9.4 >= 1.9.4 *> 1.8.16 2 net-libs/serf < 1.3.7 >= 1.3.7 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition.
Workaround
There is no known workaround at this time.
Resolution
All Subversion users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4"
All Serf users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7"
References
[ 1 ] CVE-2014-0032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032 [ 2 ] CVE-2014-3504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504 [ 3 ] CVE-2014-3522 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522 [ 4 ] CVE-2014-3528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528 [ 5 ] CVE-2015-0202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202 [ 6 ] CVE-2015-0248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248 [ 7 ] CVE-2015-0251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251 [ 8 ] CVE-2015-3184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184 [ 9 ] CVE-2015-3187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187 [ 10 ] CVE-2015-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259 [ 11 ] CVE-2016-2167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167 [ 12 ] CVE-2016-2168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-05
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:1742-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1742.html Issue date: 2015-09-08 CVE Names: CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 CVE-2015-3187 =====================================================================
- Summary:
Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.
An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. (CVE-2015-3184)
It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251)
It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187)
Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3184 and CVE-2015-3187 flaws.
All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1205138 - CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers 1205140 - CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions 1247249 - CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4 1247252 - CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.i686.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.i686.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
ppc64: mod_dav_svn-1.7.14-7.el7_1.1.ppc64.rpm subversion-1.7.14-7.el7_1.1.ppc64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm subversion-libs-1.7.14-7.el7_1.1.ppc.rpm subversion-libs-1.7.14-7.el7_1.1.ppc64.rpm
s390x: mod_dav_svn-1.7.14-7.el7_1.1.s390x.rpm subversion-1.7.14-7.el7_1.1.s390x.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm subversion-libs-1.7.14-7.el7_1.1.s390.rpm subversion-libs-1.7.14-7.el7_1.1.s390x.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: subversion-1.7.14-7.ael7b_1.1.src.rpm
ppc64le: mod_dav_svn-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-libs-1.7.14-7.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: subversion-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm subversion-devel-1.7.14-7.el7_1.1.ppc.rpm subversion-devel-1.7.14-7.el7_1.1.ppc64.rpm subversion-gnome-1.7.14-7.el7_1.1.ppc.rpm subversion-gnome-1.7.14-7.el7_1.1.ppc64.rpm subversion-javahl-1.7.14-7.el7_1.1.ppc.rpm subversion-javahl-1.7.14-7.el7_1.1.ppc64.rpm subversion-kde-1.7.14-7.el7_1.1.ppc.rpm subversion-kde-1.7.14-7.el7_1.1.ppc64.rpm subversion-perl-1.7.14-7.el7_1.1.ppc.rpm subversion-perl-1.7.14-7.el7_1.1.ppc64.rpm subversion-python-1.7.14-7.el7_1.1.ppc64.rpm subversion-ruby-1.7.14-7.el7_1.1.ppc.rpm subversion-ruby-1.7.14-7.el7_1.1.ppc64.rpm subversion-tools-1.7.14-7.el7_1.1.ppc64.rpm
s390x: subversion-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm subversion-devel-1.7.14-7.el7_1.1.s390.rpm subversion-devel-1.7.14-7.el7_1.1.s390x.rpm subversion-gnome-1.7.14-7.el7_1.1.s390.rpm subversion-gnome-1.7.14-7.el7_1.1.s390x.rpm subversion-javahl-1.7.14-7.el7_1.1.s390.rpm subversion-javahl-1.7.14-7.el7_1.1.s390x.rpm subversion-kde-1.7.14-7.el7_1.1.s390.rpm subversion-kde-1.7.14-7.el7_1.1.s390x.rpm subversion-perl-1.7.14-7.el7_1.1.s390.rpm subversion-perl-1.7.14-7.el7_1.1.s390x.rpm subversion-python-1.7.14-7.el7_1.1.s390x.rpm subversion-ruby-1.7.14-7.el7_1.1.s390.rpm subversion-ruby-1.7.14-7.el7_1.1.s390x.rpm subversion-tools-1.7.14-7.el7_1.1.s390x.rpm
x86_64: subversion-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le: subversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-devel-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-gnome-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-javahl-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-kde-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-perl-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-python-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-ruby-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-tools-1.7.14-7.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: subversion-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-0248 https://access.redhat.com/security/cve/CVE-2015-0251 https://access.redhat.com/security/cve/CVE-2015-3184 https://access.redhat.com/security/cve/CVE-2015-3187 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2015-0248-advisory.txt https://subversion.apache.org/security/CVE-2015-3184-advisory.txt https://subversion.apache.org/security/CVE-2015-0251-advisory.txt https://subversion.apache.org/security/CVE-2015-3187-advisory.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFV7t6+XlSAg2UNWIIRAivqAKCtV0lnW3RGFsCNsKIU9lBHeBk4UQCdE8/b KVJwbobNcmPzKule+9U7RnM= =F2J4 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0171",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.20"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.12"
},
{
"model": "xcode",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.0"
},
{
"model": "subversion",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.x"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "7.3"
},
{
"model": "http server",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "2.4.x"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.7.21"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "2.4.16"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x el capitan v10.11 or later )"
},
{
"model": "subversion",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "1.7.x"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "15.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.4.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.5"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7"
},
{
"model": "httpd",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.12"
},
{
"model": "httpd",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4"
},
{
"model": "xcode",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.8.14"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.22"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.21"
},
{
"model": "httpd",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.16"
}
],
"sources": [
{
"db": "BID",
"id": "76274"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004063"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-097"
},
{
"db": "NVD",
"id": "CVE-2015-3184"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3184"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "C. Michael Pilato of CollabNet.",
"sources": [
{
"db": "BID",
"id": "76274"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3184",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-3184",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-81145",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3184",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-097",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81145",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-3184",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81145"
},
{
"db": "VULMON",
"id": "CVE-2015-3184"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004063"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-097"
},
{
"db": "NVD",
"id": "CVE-2015-3184"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Apache Subversion is prone to an information-disclosure vulnerability. \nSuccessfully exploiting this issue can allow an attacker to obtain sensitive information that may aid in launching further attacks. The system is compatible with the Concurrent Versions System (CVS). ============================================================================\nUbuntu Security Notice USN-2721-1\nAugust 20, 2015\n\nsubversion vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly\nhandled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2014-3580)\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly\nhandled requests requiring a lookup for a virtual transaction name that\ndoes not exist. This issue only affected Ubuntu\n14.04 LTS. (CVE-2014-8108)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly\nhandled large numbers of REPORT requests. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve\nmodules incorrectly certain crafted parameter combinations. (CVE-2015-0248)\n\nIvan Zhakov discovered that the Subversion mod_dav_svn module incorrectly\nhandled crafted v1 HTTP protocol request sequences. (CVE-2015-0251)\n\nC. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)\n\nC. Michael Pilato discovered that Subversion incorrectly handled path-based\nauthorization. (CVE-2015-3187)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n libapache2-svn 1.8.10-5ubuntu1.1\n libsvn1 1.8.10-5ubuntu1.1\n subversion 1.8.10-5ubuntu1.1\n\nUbuntu 14.04 LTS:\n libapache2-svn 1.8.8-1ubuntu3.2\n libsvn1 1.8.8-1ubuntu3.2\n subversion 1.8.8-1ubuntu3.2\n\nUbuntu 12.04 LTS:\n libapache2-svn 1.6.17dfsg-3ubuntu3.5\n libsvn1 1.6.17dfsg-3ubuntu3.5\n subversion 1.6.17dfsg-3ubuntu3.5\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-4 Xcode 7.3\n\nXcode 7.3 is now available and addresses the following:\n\notool\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1765 : Proteas of Qihoo 360 Nirvan Team and Will Estes\n(@squiffy)\n\nsubversion\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious server may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in subversion versions\nprior to 1.7.21, the most serious of which may have led to remote\ncode execution. These were addressed by updating subversion to\nversion 1.7.22. Michael Pilato, CollabNet\n\nXcode 7.0 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.3\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQAAAoJEBcWfLTuOo7tO6gQAJAW+kXp0TuFMDT6xHo2YVIq\nOiRdtYYsaQ0vLXHhDFQP+8uXPSz6KnunxKYZhA3JsSIjXZcv+O0Vw9hP/5A3/nj8\nvXYCFmVW9m7rse4k7m117PYdPuKuWtAvDU19b7B2/vPsrv1R6C5R+jZj7hi9Vp2T\n4Vx4oLeXCAhzpuDNfvtnyI756b8j63si2eSMSIPp+smQl4RKWtEJEAX5yHkDpeyl\ncuCHiEbwx4+UomEp5jpOPGjcmohjpTrbBJE8hH/k6W85bBj+rhBPJoBAYafW7nHt\n6uokIgZtU59ZEAwC8hme0vzApINfslV1fiJk1HN/rP6Cp+ptdIZGL8zydmzIh7yq\ngEnfcEEhD2TTkJYnt22l42ZtCDsGJkFBF/r77EHmYWUJfmR4a4Jismp4sGGPgZ12\nOitRfBzojK1+Ah6tkYV2LKIfjstprBTRZdz0XKQtjgAwfgktAalrWiibZs2zBNF5\nUfZKAsM3Qc9RBK5pNQpGMlrHQtnFdD74Df4TYRlSuKZRO5DLr0STDeHXQfn4Ti/9\n8+ZifqggFuWBfh5es4EFdcpxRRqWI9OKOdgQ0Oc5tXwIyAlOshxNuP3qAgVQzwwd\nCOicsW/1HsUoaopDuf+bzDcJPL/L9H3SRYfg4S/uv5JOjoaPr0pQC8mUfR25dZAw\ncU0NiqyyiqU1H29UaU50\n=9aiD\n-----END PGP SIGNATURE-----\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201610-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Subversion, Serf: Multiple Vulnerabilities\n Date: October 11, 2016\n Bugs: #500482, #518716, #519202, #545348, #556076, #567810,\n #581448, #586046\n ID: 201610-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Subversion and Serf, the\nworst of which could lead to execution of arbitrary code. \n\nBackground\n==========\n\nSubversion is a version control system intended to eventually replace\nCVS. Like CVS, it has an optional client-server architecture (where the\nserver can be an Apache server running mod_svn, or an ssh program as in\nCVS\u0027s :ext: method). In addition to supporting the features found in\nCVS, Subversion also provides support for moving and copying files and\ndirectories. \n\nThe serf library is a high performance C-based HTTP client library\nbuilt upon the Apache Portable Runtime (APR) library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-vcs/subversion \u003c 1.9.4 \u003e= 1.9.4\n *\u003e 1.8.16\n 2 net-libs/serf \u003c 1.3.7 \u003e= 1.3.7\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Subversion and Serf. \nPlease review the CVE identifiers referenced below for details\n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, conduct a man-in-the-middle attack, obtain\nsensitive information, or cause a Denial of Service Condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Subversion users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/subversion-1.9.4\"\n\nAll Serf users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/serf-1.3.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0032\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032\n[ 2 ] CVE-2014-3504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504\n[ 3 ] CVE-2014-3522\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522\n[ 4 ] CVE-2014-3528\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528\n[ 5 ] CVE-2015-0202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202\n[ 6 ] CVE-2015-0248\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248\n[ 7 ] CVE-2015-0251\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251\n[ 8 ] CVE-2015-3184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184\n[ 9 ] CVE-2015-3187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187\n[ 10 ] CVE-2015-5259\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259\n[ 11 ] CVE-2016-2167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167\n[ 12 ] CVE-2016-2168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201610-05\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: subversion security update\nAdvisory ID: RHSA-2015:1742-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1742.html\nIssue date: 2015-09-08\nCVE Names: CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 \n CVE-2015-3187 \n=====================================================================\n\n1. Summary:\n\nUpdated subversion packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. The\nmod_dav_svn module is used with the Apache HTTP Server to allow access\nto Subversion repositories via HTTP. \n\nAn assertion failure flaw was found in the way the SVN server processed\ncertain requests with dynamically evaluated revision numbers. A remote\nattacker could use this flaw to cause the SVN server (both svnserve and\nhttpd with the mod_dav_svn module) to crash. This could allow a user to anonymously\naccess files in a Subversion repository, which should only be accessible to\nauthenticated users. (CVE-2015-3184)\n\nIt was found that the mod_dav_svn module did not properly validate the\nsvn:author property of certain requests. An attacker able to create new\nrevisions could use this flaw to spoof the svn:author property. \n(CVE-2015-0251)\n\nIt was found that when an SVN server (both svnserve and httpd with the\nmod_dav_svn module) searched the history of a file or a directory, it would\ndisclose its location in the repository if that file or directory was not\nreadable (for example, if it had been moved). (CVE-2015-3187)\n\nRed Hat would like to thank the Apache Software Foundation for reporting\nthese issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the\noriginal reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael\nPilato of CollabNet as the original reporter of CVE-2015-3184 and\nCVE-2015-3187 flaws. \n\nAll subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, for the update to take effect, you must restart the httpd\ndaemon, if you are using mod_dav_svn, and the svnserve daemon, if you are\nserving Subversion repositories via the svn:// protocol. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1205138 - CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers\n1205140 - CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions\n1247249 - CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4\n1247252 - CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nppc64:\nmod_dav_svn-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-libs-1.7.14-7.el7_1.1.ppc64.rpm\n\ns390x:\nmod_dav_svn-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-libs-1.7.14-7.el7_1.1.s390.rpm\nsubversion-libs-1.7.14-7.el7_1.1.s390x.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsubversion-1.7.14-7.ael7b_1.1.src.rpm\n\nppc64le:\nmod_dav_svn-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-libs-1.7.14-7.ael7b_1.1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nsubversion-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-devel-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-kde-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-perl-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-python-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.ppc64.rpm\n\ns390x:\nsubversion-1.7.14-7.el7_1.1.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-devel-1.7.14-7.el7_1.1.s390.rpm\nsubversion-devel-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.s390.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.s390.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-kde-1.7.14-7.el7_1.1.s390.rpm\nsubversion-kde-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-perl-1.7.14-7.el7_1.1.s390.rpm\nsubversion-perl-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-python-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.s390.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-tools-1.7.14-7.el7_1.1.s390x.rpm\n\nx86_64:\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nsubversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-devel-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-gnome-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-javahl-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-kde-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-perl-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-python-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-ruby-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-tools-1.7.14-7.ael7b_1.1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0248\nhttps://access.redhat.com/security/cve/CVE-2015-0251\nhttps://access.redhat.com/security/cve/CVE-2015-3184\nhttps://access.redhat.com/security/cve/CVE-2015-3187\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://subversion.apache.org/security/CVE-2015-0248-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-3184-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-0251-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-3187-advisory.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFV7t6+XlSAg2UNWIIRAivqAKCtV0lnW3RGFsCNsKIU9lBHeBk4UQCdE8/b\nKVJwbobNcmPzKule+9U7RnM=\n=F2J4\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3184"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004063"
},
{
"db": "BID",
"id": "76274"
},
{
"db": "VULHUB",
"id": "VHN-81145"
},
{
"db": "VULMON",
"id": "CVE-2015-3184"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "136345"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133473"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-81145",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81145"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3184",
"trust": 3.3
},
{
"db": "SECTRACK",
"id": "1033215",
"trust": 2.6
},
{
"db": "BID",
"id": "76274",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU97668313",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004063",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-097",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "136345",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-81145",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-3184",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133236",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139060",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133473",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81145"
},
{
"db": "VULMON",
"id": "CVE-2015-3184"
},
{
"db": "BID",
"id": "76274"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004063"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "136345"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-097"
},
{
"db": "NVD",
"id": "CVE-2015-3184"
}
]
},
"id": "VAR-201508-0171",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81145"
}
],
"trust": 0.43333334
},
"last_update_date": "2024-02-13T22:08:39.090000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2015-3184-advisory",
"trust": 0.8,
"url": "http://subversion.apache.org/security/cve-2015-3184-advisory.txt"
},
{
"title": "APPLE-SA-2016-03-21-4 Xcode 7.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00003.html"
},
{
"title": "HT206172",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206172"
},
{
"title": "HT206172",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206172"
},
{
"title": "Debian Security Advisories: DSA-3331-1 subversion -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c4f6676d49d7fdb86b699dbfdb6dd06f"
},
{
"title": "Red Hat: CVE-2015-3184",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3184"
},
{
"title": "Amazon Linux AMI: ALAS-2016-676",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-676"
},
{
"title": "Ubuntu Security Notice: subversion vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2721-1"
},
{
"title": "Shodan Search Script",
"trust": 0.1,
"url": "https://github.com/firatesatoglu/shodansearch "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-3184"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004063"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81145"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004063"
},
{
"db": "NVD",
"id": "CVE-2015-3184"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.securitytracker.com/id/1033215"
},
{
"trust": 2.2,
"url": "http://subversion.apache.org/security/cve-2015-3184-advisory.txt"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1742.html"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"trust": 1.3,
"url": "http://www.ubuntu.com/usn/usn-2721-1"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00003.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/76274"
},
{
"trust": 1.2,
"url": "https://support.apple.com/ht206172"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2015/dsa-3331"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3184"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97668313/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3184"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3184"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3187"
},
{
"trust": 0.3,
"url": "http://subversion.apache.org/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-3184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0202"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-3331"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2721-1/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3580"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.10-5ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1765"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5259"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3504"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2167"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0248"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3522"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5259"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0251"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3522"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3528"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0032"
},
{
"trust": 0.1,
"url": "https://subversion.apache.org/security/cve-2015-0248-advisory.txt"
},
{
"trust": 0.1,
"url": "https://subversion.apache.org/security/cve-2015-3187-advisory.txt"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0248"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://subversion.apache.org/security/cve-2015-0251-advisory.txt"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81145"
},
{
"db": "VULMON",
"id": "CVE-2015-3184"
},
{
"db": "BID",
"id": "76274"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004063"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "136345"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-097"
},
{
"db": "NVD",
"id": "CVE-2015-3184"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81145"
},
{
"db": "VULMON",
"id": "CVE-2015-3184"
},
{
"db": "BID",
"id": "76274"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004063"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "136345"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-097"
},
{
"db": "NVD",
"id": "CVE-2015-3184"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-81145"
},
{
"date": "2015-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3184"
},
{
"date": "2015-08-05T00:00:00",
"db": "BID",
"id": "76274"
},
{
"date": "2015-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004063"
},
{
"date": "2015-08-21T16:59:18",
"db": "PACKETSTORM",
"id": "133236"
},
{
"date": "2016-03-22T15:15:02",
"db": "PACKETSTORM",
"id": "136345"
},
{
"date": "2016-10-12T04:50:20",
"db": "PACKETSTORM",
"id": "139060"
},
{
"date": "2015-09-08T15:47:21",
"db": "PACKETSTORM",
"id": "133473"
},
{
"date": "2015-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-097"
},
{
"date": "2015-08-12T14:59:10.997000",
"db": "NVD",
"id": "CVE-2015-3184"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-81145"
},
{
"date": "2017-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3184"
},
{
"date": "2016-10-26T00:16:00",
"db": "BID",
"id": "76274"
},
{
"date": "2016-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004063"
},
{
"date": "2015-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-097"
},
{
"date": "2017-07-01T01:29:15.670000",
"db": "NVD",
"id": "CVE-2015-3184"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-097"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion of mod_authz_svn Vulnerable to reading hidden files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004063"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-097"
}
],
"trust": 0.6
}
}
VAR-202204-0433
Vulnerability from variot - Updated: 2024-02-05 21:43Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. Apache Subversion SVN There is a vulnerability related to information leakage.Information may be obtained. Apache Subversion is an open source version control system of the Apache Foundation. The system is compatible with the Concurrent Versions System (CVS). ========================================================================== Ubuntu Security Notice USN-5372-1 April 12, 2022
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Subversion. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544)
Thomas Wei\xdfschuh discovered that Subversion servers did not properly handle memory in certain configurations. A remote attacker could potentially use this issue to cause a denial of service or other unspecified impact. (CVE-2022-24070)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libapache2-mod-svn 1.14.1-3ubuntu0.1 libsvn-java 1.14.1-3ubuntu0.1 libsvn-perl 1.14.1-3ubuntu0.1 libsvn1 1.14.1-3ubuntu0.1 python3-subversion 1.14.1-3ubuntu0.1 ruby-svn 1.14.1-3ubuntu0.1 subversion 1.14.1-3ubuntu0.1 subversion-tools 1.14.1-3ubuntu0.1
Ubuntu 20.04 LTS: libapache2-mod-svn 1.13.0-3ubuntu0.1 libsvn-java 1.13.0-3ubuntu0.1 libsvn-perl 1.13.0-3ubuntu0.1 libsvn1 1.13.0-3ubuntu0.1 python-subversion 1.13.0-3ubuntu0.1 ruby-svn 1.13.0-3ubuntu0.1 subversion 1.13.0-3ubuntu0.1 subversion-tools 1.13.0-3ubuntu0.1
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5119-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2022 https://www.debian.org/security/faq
Package : subversion CVE ID : CVE-2021-28544 CVE-2022-24070
Several vulnerabilities were discovered in Subversion, a version control system.
CVE-2022-24070
Thomas Weissschuh reported that Subversion's mod_dav_svn is prone to
a use-after-free vulnerability when looking up path-based
authorization rules, which can result in denial of service (crash of
HTTPD worker handling the request).
For the oldstable distribution (buster), these problems have been fixed in version 1.10.4-1+deb10u3.
For the stable distribution (bullseye), these problems have been fixed in version 1.14.1-3+deb11u1.
We recommend that you upgrade your subversion packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
macOS Monterey 12.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213345.
APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher
Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
CoreMedia Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)
CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher
GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones
ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher
Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)
libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative
WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval
Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance
Additional recognition
802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance.
AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Calendar We would like to acknowledge Joshua Jones for their assistance.
configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
DiskArbitration We would like to acknowledge Mike Cush for their assistance.
macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0433",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.14.1"
},
{
"model": "subversion",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.10.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "subversion",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.14.1",
"versionStartIncluding": "1.10.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.5",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "167280"
}
],
"trust": 0.2
},
"cve": "CVE-2021-28544",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-28544",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-388003",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-28544",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-28544",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2951",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-388003",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2021-28544",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388003"
},
{
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
},
{
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal \u0027copyfrom\u0027 paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the \u0027copyfrom\u0027 path of the original. This also reveals the fact that the node was copied. Only the \u0027copyfrom\u0027 path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. Apache Subversion SVN There is a vulnerability related to information leakage.Information may be obtained. Apache Subversion is an open source version control system of the Apache Foundation. The system is compatible with the Concurrent Versions System (CVS). ==========================================================================\nUbuntu Security Notice USN-5372-1\nApril 12, 2022\n\nsubversion vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. An attacker could\npotentially use this issue to retrieve information about private paths. \n(CVE-2021-28544)\n\nThomas Wei\\xdfschuh discovered that Subversion servers did not properly handle\nmemory in certain configurations. A remote attacker could potentially use\nthis issue to cause a denial of service or other unspecified impact. \n(CVE-2022-24070)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n libapache2-mod-svn 1.14.1-3ubuntu0.1\n libsvn-java 1.14.1-3ubuntu0.1\n libsvn-perl 1.14.1-3ubuntu0.1\n libsvn1 1.14.1-3ubuntu0.1\n python3-subversion 1.14.1-3ubuntu0.1\n ruby-svn 1.14.1-3ubuntu0.1\n subversion 1.14.1-3ubuntu0.1\n subversion-tools 1.14.1-3ubuntu0.1\n\nUbuntu 20.04 LTS:\n libapache2-mod-svn 1.13.0-3ubuntu0.1\n libsvn-java 1.13.0-3ubuntu0.1\n libsvn-perl 1.13.0-3ubuntu0.1\n libsvn1 1.13.0-3ubuntu0.1\n python-subversion 1.13.0-3ubuntu0.1\n ruby-svn 1.13.0-3ubuntu0.1\n subversion 1.13.0-3ubuntu0.1\n subversion-tools 1.13.0-3ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5119-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 13, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : subversion\nCVE ID : CVE-2021-28544 CVE-2022-24070\n\nSeveral vulnerabilities were discovered in Subversion, a version control\nsystem. \n\nCVE-2022-24070\n\n Thomas Weissschuh reported that Subversion\u0027s mod_dav_svn is prone to\n a use-after-free vulnerability when looking up path-based\n authorization rules, which can result in denial of service (crash of\n HTTPD worker handling the request). \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 1.10.4-1+deb10u3. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.14.1-3+deb11u1. \n\nWe recommend that you upgrade your subversion packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-07-20-2 macOS Monterey 12.5\n\nmacOS Monterey 12.5 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213345. \n\nAPFS\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to break out of its sandbox\nDescription: This issue was addressed with improved checks. \nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu\nSecurity, Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32820: an anonymous researcher\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\nAutomation\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nCalendar\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\nCoreMedia\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom\n(@jaakerblom)\n\nCoreText\nAvailable for: macOS Monterey\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\nFile System Events\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32819: Joshua Mason of Mandiant\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: Multiple out-of-bounds write issues were addressed with\nimproved bounds checking. \nCVE-2022-32793: an anonymous researcher\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\niCloud Photo Library\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2022-32849: Joshua Jones\n\nICU\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may result in\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32841: hjy79425575\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing an image may lead to a denial-of-service\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2022-32811: ABC Research s.r.o\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. \n\nKernel\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32813: Xinru Chi of Pangu Lab\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32817: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32829: an anonymous researcher\n\nLiblouis\nAvailable for: macOS Monterey\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China\n(nipc.org.cn)\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-32823\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: An issue in the handling of environment variables was\naddressed with improved validation. \nCVE-2022-32786: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed with improved checks. \nCVE-2022-32800: Mickey Jin (@patch1t)\n\nPluginKit\nAvailable for: macOS Monterey\nImpact: An app may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\nPS Normalizer\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted Postscript file may result\nin unexpected app termination or disclosure of process memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32843: Kai Lu of Zscaler\u0027s ThreatLabz\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position may be able to leak\nsensitive information\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)\n\nSoftware Update\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position can track a user\u2019s\nactivity\nDescription: This issue was addressed by using HTTPS when sending\ninformation over the network. \nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\nSpindump\nAvailable for: macOS Monterey\nImpact: An app may be able to overwrite arbitrary files\nDescription: This issue was addressed with improved file handling. \nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32801: Joshua Mason (@josh@jhu.edu)\n\nsubversion\nAvailable for: macOS Monterey\nImpact: Multiple issues in subversion\nDescription: Multiple issues were addressed by updating subversion. \nCVE-2021-28544: Evgeny Kotkov, visualsvn.com\nCVE-2022-24070: Evgeny Kotkov, visualsvn.com\nCVE-2022-29046: Evgeny Kotkov, visualsvn.com\nCVE-2022-29048: Evgeny Kotkov, visualsvn.com\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An access issue was addressed with improvements to the\nsandbox. \nCVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 239316\nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 240720\nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero\nDay Initiative\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. \nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 242339\nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32837: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A remote user may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32847: Wang Yu of Cyberserval\n\nWindows Server\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u2019s screen\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\nAdditional recognition\n\n802.1X\nWe would like to acknowledge Shin Sun of National Taiwan University\nfor their assistance. \n\nAppleMobileFileIntegrity\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nCalendar\nWe would like to acknowledge Joshua Jones for their assistance. \n\nconfigd\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nDiskArbitration\nWe would like to acknowledge Mike Cush for their assistance. \n\nmacOS Monterey 12.5 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p\nrhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b\n/Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh\n6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn\nEr5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa\nmcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9\nV1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr\npfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD\nTY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q\nWqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV\nfz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n\nDJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg=\n=ibIr\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-28544"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "VULHUB",
"id": "VHN-388003"
},
{
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "169362"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "PACKETSTORM",
"id": "167787"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-28544",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "167787",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167280",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166704",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.1641",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2639",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3559",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1596",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052711",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041263",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041402",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-38525",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-388003",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-28544",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169362",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388003"
},
{
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "169362"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
},
{
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"id": "VAR-202204-0433",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388003"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-05T21:43:39.635000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213345",
"trust": 0.8,
"url": "https://subversion.apache.org/security/cve-2021-28544-advisory.txt"
},
{
"title": "Apache Subversion Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=190229"
},
{
"title": "Ubuntu Security Notice: USN-5372-1: Subversion vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5372-1"
},
{
"title": "Ubuntu Security Notice: USN-5450-1: Subversion vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5450-1"
},
{
"title": "Debian Security Advisories: DSA-5119-1 subversion -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=92807168ef39b4ee91e68837b0467938"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-28544"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-149",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-149"
},
{
"title": "Apple: macOS Monterey 12.5",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=c765c13fa342a7957a4e91e6dc3d34f4"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
},
{
"problemtype": "information leak (CWE-200) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388003"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/18"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yjpmcwcgwbn3qwcdvilwqwpc75rr67lt/"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pz4arnglmgybkydx2b7drbnmf6eh3a6r/"
},
{
"trust": 1.8,
"url": "https://subversion.apache.org/security/cve-2021-28544-advisory.txt"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213345"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28544"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yjpmcwcgwbn3qwcdvilwqwpc75rr67lt/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pz4arnglmgybkydx2b7drbnmf6eh3a6r/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3559"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1641"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167787/apple-security-advisory-2022-07-20-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1596"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041263"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2639"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072101"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/subversion-information-disclosure-via-copyfrom-paths-38022"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-28544/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213345"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041402"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166704/ubuntu-security-notice-usn-5372-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167280/ubuntu-security-notice-usn-5450-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070708"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-28544"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052711"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24070"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5372-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.14.1-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.13.0-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/subversion"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.14.1-3ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5450-1"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2294"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213345."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32793"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388003"
},
{
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "169362"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
},
{
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388003"
},
{
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "169362"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
},
{
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-388003"
},
{
"date": "2022-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"date": "2023-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"date": "2022-04-13T15:00:52",
"db": "PACKETSTORM",
"id": "166704"
},
{
"date": "2022-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "169362"
},
{
"date": "2022-05-27T15:37:43",
"db": "PACKETSTORM",
"id": "167280"
},
{
"date": "2022-07-22T16:22:49",
"db": "PACKETSTORM",
"id": "167787"
},
{
"date": "2022-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2951"
},
{
"date": "2022-04-12T18:15:08.250000",
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-388003"
},
{
"date": "2023-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"date": "2023-08-07T01:52:00",
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"date": "2022-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2951"
},
{
"date": "2023-02-11T17:44:50.733000",
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0Subversion\u00a0SVN\u00a0 Vulnerability regarding information leakage in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
}
],
"trust": 0.6
}
}
VAR-201412-0309
Vulnerability from variot - Updated: 2023-12-18 11:52The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apache subversion is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash the affected process, causing denial of service conditions. Subversion versions 1.7.0 through 1.7.18 and 1.8.0 through 1.8.10 are affected. Subversion is an open source version control system of the Apache Software Foundation in the United States. The main function of the system is to be compatible with the concurrent version management system (CVS). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFUqoNCmqjQ0CJFipgRAqwFAKCUALR1yu7OcAY6tP4LrYCdhQMJDACg7FG5 zlOOLTc8tjEXNuj5PnqflP0= =huIz -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2721-1 August 20, 2015
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description: - subversion: Advanced version control system
Details:
It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 14.04 LTS. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)
Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. (CVE-2015-0248)
Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. (CVE-2015-0251)
C. Michael Pilato discovered that the Subversion mod_dav_svn module incorrectly restricted anonymous access. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)
C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. (CVE-2015-3187)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: libapache2-svn 1.8.10-5ubuntu1.1 libsvn1 1.8.10-5ubuntu1.1 subversion 1.8.10-5ubuntu1.1
Ubuntu 14.04 LTS: libapache2-svn 1.8.8-1ubuntu3.2 libsvn1 1.8.8-1ubuntu3.2 subversion 1.8.8-1ubuntu3.2
Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.5 libsvn1 1.6.17dfsg-3ubuntu3.5 subversion 1.6.17dfsg-3ubuntu3.5
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:0166-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0166.html Issue date: 2015-02-10 CVE Names: CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 =====================================================================
- Summary:
Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-8108)
It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528)
Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter.
All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision 1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests 1174057 - CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
ppc64: mod_dav_svn-1.7.14-7.el7_0.ppc64.rpm subversion-1.7.14-7.el7_0.ppc64.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-libs-1.7.14-7.el7_0.ppc.rpm subversion-libs-1.7.14-7.el7_0.ppc64.rpm
s390x: mod_dav_svn-1.7.14-7.el7_0.s390x.rpm subversion-1.7.14-7.el7_0.s390x.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-libs-1.7.14-7.el7_0.s390.rpm subversion-libs-1.7.14-7.el7_0.s390x.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: subversion-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-devel-1.7.14-7.el7_0.ppc.rpm subversion-devel-1.7.14-7.el7_0.ppc64.rpm subversion-gnome-1.7.14-7.el7_0.ppc.rpm subversion-gnome-1.7.14-7.el7_0.ppc64.rpm subversion-javahl-1.7.14-7.el7_0.ppc.rpm subversion-javahl-1.7.14-7.el7_0.ppc64.rpm subversion-kde-1.7.14-7.el7_0.ppc.rpm subversion-kde-1.7.14-7.el7_0.ppc64.rpm subversion-perl-1.7.14-7.el7_0.ppc.rpm subversion-perl-1.7.14-7.el7_0.ppc64.rpm subversion-python-1.7.14-7.el7_0.ppc64.rpm subversion-ruby-1.7.14-7.el7_0.ppc.rpm subversion-ruby-1.7.14-7.el7_0.ppc64.rpm subversion-tools-1.7.14-7.el7_0.ppc64.rpm
s390x: subversion-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-devel-1.7.14-7.el7_0.s390.rpm subversion-devel-1.7.14-7.el7_0.s390x.rpm subversion-gnome-1.7.14-7.el7_0.s390.rpm subversion-gnome-1.7.14-7.el7_0.s390x.rpm subversion-javahl-1.7.14-7.el7_0.s390.rpm subversion-javahl-1.7.14-7.el7_0.s390x.rpm subversion-kde-1.7.14-7.el7_0.s390.rpm subversion-kde-1.7.14-7.el7_0.s390x.rpm subversion-perl-1.7.14-7.el7_0.s390.rpm subversion-perl-1.7.14-7.el7_0.s390x.rpm subversion-python-1.7.14-7.el7_0.s390x.rpm subversion-ruby-1.7.14-7.el7_0.s390.rpm subversion-ruby-1.7.14-7.el7_0.s390x.rpm subversion-tools-1.7.14-7.el7_0.s390x.rpm
x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3528 https://access.redhat.com/security/cve/CVE-2014-3580 https://access.redhat.com/security/cve/CVE-2014-8108 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2014-3528-advisory.txt https://subversion.apache.org/security/CVE-2014-3580-advisory.txt https://subversion.apache.org/security/CVE-2014-8108-advisory.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFU2pCEXlSAg2UNWIIRAmlpAJ4o2MhM6glIBctGbU52rfN8EZXCDgCdEIll KM6EsnQkXd09uLTe1k+tQaU= =CuZg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These issues were addressed by updating Apache Subversion to version 1.7.19. CVE-ID CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108
Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .git folder Description: The checks involved in disallowed paths did not account for case insensitivity or unicode characters. This issue was addressed by adding additional checks. CVE-ID CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of Mercurial
Xcode 6.2 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "6.2"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "1.7.19"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.20"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.23"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.6"
},
{
"model": "xcode",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.21"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.16"
},
{
"model": "subversion",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.x"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.11"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x mavericks v10.9.4 or later )"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "6.2"
},
{
"model": "subversion",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "1.7.x"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.4.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "71725"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007293"
},
{
"db": "NVD",
"id": "CVE-2014-8108"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-397"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8108"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Kotkov, VisualSVN",
"sources": [
{
"db": "BID",
"id": "71725"
}
],
"trust": 0.3
},
"cve": "CVE-2014-8108",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-8108",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-76053",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8108",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-397",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-76053",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76053"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007293"
},
{
"db": "NVD",
"id": "CVE-2014-8108"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-397"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apache subversion is prone to a remote denial-of-service vulnerability. \nExploiting this issue allows remote attackers to crash the affected process, causing denial of service conditions. \nSubversion versions 1.7.0 through 1.7.18 and 1.8.0 through 1.8.10 are affected. Subversion is an open source version control system of the Apache Software Foundation in the United States. The main function of the system is to be compatible with the concurrent version management system (CVS). The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUqoNCmqjQ0CJFipgRAqwFAKCUALR1yu7OcAY6tP4LrYCdhQMJDACg7FG5\nzlOOLTc8tjEXNuj5PnqflP0=\n=huIz\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2721-1\nAugust 20, 2015\n\nsubversion vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly\nhandled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. This issue only affected Ubuntu\n14.04 LTS. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve\nmodules incorrectly certain crafted parameter combinations. (CVE-2015-0248)\n\nIvan Zhakov discovered that the Subversion mod_dav_svn module incorrectly\nhandled crafted v1 HTTP protocol request sequences. (CVE-2015-0251)\n\nC. Michael Pilato discovered that the Subversion mod_dav_svn module\nincorrectly restricted anonymous access. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)\n\nC. Michael Pilato discovered that Subversion incorrectly handled path-based\nauthorization. (CVE-2015-3187)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n libapache2-svn 1.8.10-5ubuntu1.1\n libsvn1 1.8.10-5ubuntu1.1\n subversion 1.8.10-5ubuntu1.1\n\nUbuntu 14.04 LTS:\n libapache2-svn 1.8.8-1ubuntu3.2\n libsvn1 1.8.8-1ubuntu3.2\n subversion 1.8.8-1ubuntu3.2\n\nUbuntu 12.04 LTS:\n libapache2-svn 1.6.17dfsg-3ubuntu3.5\n libsvn1 1.6.17dfsg-3ubuntu3.5\n subversion 1.6.17dfsg-3ubuntu3.5\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: subversion security update\nAdvisory ID: RHSA-2015:0166-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0166.html\nIssue date: 2015-02-10\nCVE Names: CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 \n=====================================================================\n\n1. Summary:\n\nUpdated subversion packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. The\nmod_dav_svn module is used with the Apache HTTP Server to allow access\nto Subversion repositories via HTTP. A remote, unauthenticated attacker could use a\nspecially crafted REPORT request to crash mod_dav_svn. (CVE-2014-8108)\n\nIt was discovered that Subversion clients retrieved cached authentication\ncredentials using the MD5 hash of the server realm string without also\nchecking the server\u0027s URL. A malicious server able to provide a realm that\ntriggers an MD5 collision could possibly use this flaw to obtain the\ncredentials for a different realm. (CVE-2014-3528)\n\nRed Hat would like to thank the Subversion project for reporting\nCVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of\nVisualSVN as the original reporter. \n\nAll subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, for the update to take effect, you must restart the httpd\ndaemon, if you are using mod_dav_svn, and the svnserve daemon, if you are\nserving Subversion repositories via the svn:// protocol. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision\n1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests\n1174057 - CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nppc64:\nmod_dav_svn-1.7.14-7.el7_0.ppc64.rpm\nsubversion-1.7.14-7.el7_0.ppc64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm\nsubversion-libs-1.7.14-7.el7_0.ppc.rpm\nsubversion-libs-1.7.14-7.el7_0.ppc64.rpm\n\ns390x:\nmod_dav_svn-1.7.14-7.el7_0.s390x.rpm\nsubversion-1.7.14-7.el7_0.s390x.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390x.rpm\nsubversion-libs-1.7.14-7.el7_0.s390.rpm\nsubversion-libs-1.7.14-7.el7_0.s390x.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nsubversion-1.7.14-7.el7_0.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm\nsubversion-devel-1.7.14-7.el7_0.ppc.rpm\nsubversion-devel-1.7.14-7.el7_0.ppc64.rpm\nsubversion-gnome-1.7.14-7.el7_0.ppc.rpm\nsubversion-gnome-1.7.14-7.el7_0.ppc64.rpm\nsubversion-javahl-1.7.14-7.el7_0.ppc.rpm\nsubversion-javahl-1.7.14-7.el7_0.ppc64.rpm\nsubversion-kde-1.7.14-7.el7_0.ppc.rpm\nsubversion-kde-1.7.14-7.el7_0.ppc64.rpm\nsubversion-perl-1.7.14-7.el7_0.ppc.rpm\nsubversion-perl-1.7.14-7.el7_0.ppc64.rpm\nsubversion-python-1.7.14-7.el7_0.ppc64.rpm\nsubversion-ruby-1.7.14-7.el7_0.ppc.rpm\nsubversion-ruby-1.7.14-7.el7_0.ppc64.rpm\nsubversion-tools-1.7.14-7.el7_0.ppc64.rpm\n\ns390x:\nsubversion-1.7.14-7.el7_0.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390x.rpm\nsubversion-devel-1.7.14-7.el7_0.s390.rpm\nsubversion-devel-1.7.14-7.el7_0.s390x.rpm\nsubversion-gnome-1.7.14-7.el7_0.s390.rpm\nsubversion-gnome-1.7.14-7.el7_0.s390x.rpm\nsubversion-javahl-1.7.14-7.el7_0.s390.rpm\nsubversion-javahl-1.7.14-7.el7_0.s390x.rpm\nsubversion-kde-1.7.14-7.el7_0.s390.rpm\nsubversion-kde-1.7.14-7.el7_0.s390x.rpm\nsubversion-perl-1.7.14-7.el7_0.s390.rpm\nsubversion-perl-1.7.14-7.el7_0.s390x.rpm\nsubversion-python-1.7.14-7.el7_0.s390x.rpm\nsubversion-ruby-1.7.14-7.el7_0.s390.rpm\nsubversion-ruby-1.7.14-7.el7_0.s390x.rpm\nsubversion-tools-1.7.14-7.el7_0.s390x.rpm\n\nx86_64:\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3528\nhttps://access.redhat.com/security/cve/CVE-2014-3580\nhttps://access.redhat.com/security/cve/CVE-2014-8108\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://subversion.apache.org/security/CVE-2014-3528-advisory.txt\nhttps://subversion.apache.org/security/CVE-2014-3580-advisory.txt\nhttps://subversion.apache.org/security/CVE-2014-8108-advisory.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFU2pCEXlSAg2UNWIIRAmlpAJ4o2MhM6glIBctGbU52rfN8EZXCDgCdEIll\nKM6EsnQkXd09uLTe1k+tQaU=\n=CuZg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThese issues were addressed by updating Apache Subversion to version\n1.7.19. \nCVE-ID\nCVE-2014-3522\nCVE-2014-3528\nCVE-2014-3580\nCVE-2014-8108\n\nGit\nAvailable for: OS X Mavericks v10.9.4 or later\nImpact: Synching with a malicious git repository may allow\nunexpected files to be added to the .git folder\nDescription: The checks involved in disallowed paths did not account\nfor case insensitivity or unicode characters. This issue was\naddressed by adding additional checks. \nCVE-ID\nCVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of\nMercurial\n\nXcode 6.2 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"6.2\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8108"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007293"
},
{
"db": "BID",
"id": "71725"
},
{
"db": "VULHUB",
"id": "VHN-76053"
},
{
"db": "PACKETSTORM",
"id": "129821"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8108",
"trust": 3.2
},
{
"db": "SECUNIA",
"id": "61131",
"trust": 2.5
},
{
"db": "BID",
"id": "71725",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU90171154",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007293",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201412-397",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-76053",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129821",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133236",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130344",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130744",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76053"
},
{
"db": "BID",
"id": "71725"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007293"
},
{
"db": "PACKETSTORM",
"id": "129821"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "NVD",
"id": "CVE-2014-8108"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-397"
}
]
},
"id": "VAR-201412-0309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-76053"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:52:12.582000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-03-09-4 Xcode 6.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00003.html"
},
{
"title": "HT204427",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht204427"
},
{
"title": "HT204427",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht204427"
},
{
"title": "RHSA-2015:0166",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2015-0166.html"
},
{
"title": "mod_dav_svn is vulnerable to a remotely triggerable segfault DoS vulnerability for requests with no existant virtual transaction names.",
"trust": 0.8,
"url": "http://subversion.apache.org/security/cve-2014-8108-advisory.txt"
},
{
"title": "subversion-1.8.11",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52886"
},
{
"title": "subversion-1.7.19",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52885"
},
{
"title": "subversion-1.7.19",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52884"
},
{
"title": "subversion-1.8.11",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52888"
},
{
"title": "subversion-1.7.19",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52883"
},
{
"title": "subversion-1.8.11",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52887"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007293"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-397"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007293"
},
{
"db": "NVD",
"id": "CVE-2014-8108"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://secunia.com/advisories/61131"
},
{
"trust": 2.1,
"url": "http://subversion.apache.org/security/cve-2014-8108-advisory.txt"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0166.html"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2721-1"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00003.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/71725"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht204427"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8108"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90171154/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8108"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8108"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3580"
},
{
"trust": 0.3,
"url": "http://subversion.apache.org/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht204427"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3528"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0545.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3580"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.10-5ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0202"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3580"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://subversion.apache.org/security/cve-2014-3580-advisory.txt"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://subversion.apache.org/security/cve-2014-3528-advisory.txt"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3528"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-8108"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9390"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3522"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76053"
},
{
"db": "BID",
"id": "71725"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007293"
},
{
"db": "PACKETSTORM",
"id": "129821"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "NVD",
"id": "CVE-2014-8108"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-397"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-76053"
},
{
"db": "BID",
"id": "71725"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007293"
},
{
"db": "PACKETSTORM",
"id": "129821"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "NVD",
"id": "CVE-2014-8108"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-397"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-76053"
},
{
"date": "2014-12-18T00:00:00",
"db": "BID",
"id": "71725"
},
{
"date": "2014-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007293"
},
{
"date": "2015-01-06T17:02:00",
"db": "PACKETSTORM",
"id": "129821"
},
{
"date": "2015-08-21T16:59:18",
"db": "PACKETSTORM",
"id": "133236"
},
{
"date": "2015-02-11T01:49:16",
"db": "PACKETSTORM",
"id": "130344"
},
{
"date": "2015-03-10T16:22:37",
"db": "PACKETSTORM",
"id": "130744"
},
{
"date": "2014-12-18T15:59:01.350000",
"db": "NVD",
"id": "CVE-2014-8108"
},
{
"date": "2014-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-397"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-03T00:00:00",
"db": "VULHUB",
"id": "VHN-76053"
},
{
"date": "2015-11-03T19:05:00",
"db": "BID",
"id": "71725"
},
{
"date": "2015-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007293"
},
{
"date": "2017-01-03T02:59:18.097000",
"db": "NVD",
"id": "CVE-2014-8108"
},
{
"date": "2014-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-397"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "129821"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-397"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion of mod_dav_svn Apache HTTPD server Service disruption in modules (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007293"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-397"
}
],
"trust": 0.6
}
}
VAR-201408-0086
Vulnerability from variot - Updated: 2023-12-18 11:39The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Supplementary information : CWE Vulnerability type by CWE-297: Improper Validation of Certificate with Host Mismatch ( Improper validation of certificates due to host mismatch ) Has been identified. http://cwe.mitre.org/data/definitions/297.htmlA man-in-the-middle attack can impersonate a server through a crafted certificate. Apache Subversion is prone to an information disclosure vulnerability. This may allow the attacker to obtain or modify sensitive information. Information harvested may aid in further attacks. The system is compatible with the Concurrent Versions System (CVS). The vulnerability stems from the fact that the program does not correctly handle the Common Name ( CN) or a wildcard for the subjectAltName field. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:085 http://www.mandriva.com/en/support/security/
Package : subversion Date : March 28, 2015 Affected: Business Server 2.0
Problem Description:
Updated subversion packages fix security vulnerabilities:
The mod_dav_svn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via an OPTIONS request (CVE-2014-0032).
Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards.
Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server (CVE-2014-3528).
A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580).
A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash (CVE-2014-8108).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528 http://advisories.mageia.org/MGASA-2014-0105.html http://advisories.mageia.org/MGASA-2014-0339.html http://advisories.mageia.org/MGASA-2014-0545.html
Updated Packages:
Mandriva Business Server 2/X86_64: 3c1e67f77228815883b105a8e62a10e0 mbs2/x86_64/apache-mod_dav_svn-1.8.11-1.mbs2.x86_64.rpm 35c5f1efb679c09bc48d917b94954713 mbs2/x86_64/lib64svn0-1.8.11-1.mbs2.x86_64.rpm 56722eb7ac7b08654d795a5981ebd210 mbs2/x86_64/lib64svnjavahl1-1.8.11-1.mbs2.x86_64.rpm e1479d1c61864767d56a147bb4ee9b7f mbs2/x86_64/perl-SVN-1.8.11-1.mbs2.x86_64.rpm 7c4d79f31b0559c22cc84f39a06f9da0 mbs2/x86_64/perl-svn-devel-1.8.11-1.mbs2.x86_64.rpm 14720ab01668a9d04b566d5102c09f68 mbs2/x86_64/python-svn-1.8.11-1.mbs2.x86_64.rpm 07db3a7142457efc1e0547fd40bbf03f mbs2/x86_64/python-svn-devel-1.8.11-1.mbs2.x86_64.rpm 8d0511abbed2c57f505183bf00c4ab0d mbs2/x86_64/ruby-svn-1.8.11-1.mbs2.x86_64.rpm 8d062f6dd429b87f2b1d432c92e9a84a mbs2/x86_64/ruby-svn-devel-1.8.11-1.mbs2.x86_64.rpm 31e14a18991a2383065a069d53d3cd4e mbs2/x86_64/subversion-1.8.11-1.mbs2.x86_64.rpm 1ce1c374c428409e8a6380d64b8706f8 mbs2/x86_64/subversion-devel-1.8.11-1.mbs2.x86_64.rpm 052411de41e785decc0bc130e2756eff mbs2/x86_64/subversion-doc-1.8.11-1.mbs2.x86_64.rpm 98c1473e3721e4c9a6996db448c6ff36 mbs2/x86_64/subversion-server-1.8.11-1.mbs2.x86_64.rpm 6ad3881116530af4d889bb6c142d70dc mbs2/x86_64/subversion-tools-1.8.11-1.mbs2.x86_64.rpm 3fb0c871a5771c8fe4c6475b5ac0406c mbs2/x86_64/svn-javahl-1.8.11-1.mbs2.x86_64.rpm 45e0624a89e4c79d4739cd4eb22d9a29 mbs2/SRPMS/subversion-1.8.11-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFl6JmqjQ0CJFipgRAgkVAJ4xKUzteqhyYcBC4AuYoZ7Lv3oQZQCfROhl NaJSaZq4W6qIMwD8fhQF5Ls= =R/mF -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2316-1 August 14, 2014
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description: - subversion: Advanced version control system
Details:
Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-3528)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libsvn1 1.8.8-1ubuntu3.1 subversion 1.8.8-1ubuntu3.1
Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.4 libsvn1 1.6.17dfsg-3ubuntu3.4 subversion 1.6.17dfsg-3ubuntu3.4
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2316-1 CVE-2014-0032, CVE-2014-3522, CVE-2014-3528
Package Information: https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.1 https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.4 .
Gentoo Linux Security Advisory GLSA 201610-05
https://security.gentoo.org/
Severity: Normal Title: Subversion, Serf: Multiple Vulnerabilities Date: October 11, 2016 Bugs: #500482, #518716, #519202, #545348, #556076, #567810, #581448, #586046 ID: 201610-05
Synopsis
Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code.
Background
Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS's :ext: method). In addition to supporting the features found in CVS, Subversion also provides support for moving and copying files and directories.
The serf library is a high performance C-based HTTP client library built upon the Apache Portable Runtime (APR) library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/subversion < 1.9.4 >= 1.9.4 *> 1.8.16 2 net-libs/serf < 1.3.7 >= 1.3.7 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition.
Workaround
There is no known workaround at this time.
Resolution
All Subversion users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4"
All Serf users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7"
References
[ 1 ] CVE-2014-0032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032 [ 2 ] CVE-2014-3504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504 [ 3 ] CVE-2014-3522 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522 [ 4 ] CVE-2014-3528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528 [ 5 ] CVE-2015-0202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202 [ 6 ] CVE-2015-0248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248 [ 7 ] CVE-2015-0251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251 [ 8 ] CVE-2015-3184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184 [ 9 ] CVE-2015-3187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187 [ 10 ] CVE-2015-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259 [ 11 ] CVE-2016-2167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167 [ 12 ] CVE-2016-2168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-05
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. CVE-ID CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108
Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .git folder Description: The checks involved in disallowed paths did not account for case insensitivity or unicode characters. This issue was addressed by adding additional checks. CVE-ID CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of Mercurial
Xcode 6.2 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "6.2"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0086",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.8.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.8.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.8.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.8.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.23"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.21"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.20"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.4.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.5.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.4.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.4.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.4.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.4.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.4.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.16"
},
{
"model": "xcode",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.3"
},
{
"model": "subversion",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.x"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x mavericks v10.9.4 or later )"
},
{
"model": "subversion",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "1.4.0 from 1.7.x"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "12.04 lts"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "14.04 lts"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "6.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.7.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.4.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.5"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.22"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.37"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.36"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.35"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.34"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.33"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.31"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.30"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.29"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.28.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.28.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.28"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.27"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.26"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.25"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.24.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.24.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.24"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.23"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.22.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.22.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.22"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.21"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.20.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.20"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.18.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.17.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.16.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.13.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.13.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.11.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.10.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.10.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.4.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.35.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.33.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.32.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.19.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.10.0"
},
{
"model": "xcode",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.8.10"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.18"
}
],
"sources": [
{
"db": "BID",
"id": "69237"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003864"
},
{
"db": "NVD",
"id": "CVE-2014-3522"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-233"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3522"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ben Reser",
"sources": [
{
"db": "BID",
"id": "69237"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3522",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-3522",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-71462",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3522",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-233",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71462",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-3522",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71462"
},
{
"db": "VULMON",
"id": "CVE-2014-3522"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003864"
},
{
"db": "NVD",
"id": "CVE-2014-3522"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-233"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Supplementary information : CWE Vulnerability type by CWE-297: Improper Validation of Certificate with Host Mismatch ( Improper validation of certificates due to host mismatch ) Has been identified. http://cwe.mitre.org/data/definitions/297.htmlA man-in-the-middle attack can impersonate a server through a crafted certificate. Apache Subversion is prone to an information disclosure vulnerability. This may allow the attacker to obtain or modify sensitive information. Information harvested may aid in further attacks. The system is compatible with the Concurrent Versions System (CVS). The vulnerability stems from the fact that the program does not correctly handle the Common Name ( CN) or a wildcard for the subjectAltName field. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:085\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : subversion\n Date : March 28, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated subversion packages fix security vulnerabilities:\n \n The mod_dav_svn module in Apache Subversion before 1.8.8, when\n SVNListParentPath is enabled, allows remote attackers to cause a\n denial of service (crash) via an OPTIONS request (CVE-2014-0032). \n \n Ben Reser discovered that Subversion did not correctly validate SSL\n certificates containing wildcards. \n \n Bert Huijben discovered that Subversion did not properly handle\n cached credentials. A malicious server could possibly use this issue\n to obtain credentials cached for a different server (CVE-2014-3528). \n \n A NULL pointer dereference flaw was found in the way mod_dav_svn\n handled REPORT requests. A remote, unauthenticated attacker could\n use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580). \n \n A NULL pointer dereference flaw was found in the way mod_dav_svn\n handled URIs for virtual transaction names. A remote, unauthenticated\n attacker could send a request for a virtual transaction name that\n does not exist, causing mod_dav_svn to crash (CVE-2014-8108). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528\n http://advisories.mageia.org/MGASA-2014-0105.html\n http://advisories.mageia.org/MGASA-2014-0339.html\n http://advisories.mageia.org/MGASA-2014-0545.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 3c1e67f77228815883b105a8e62a10e0 mbs2/x86_64/apache-mod_dav_svn-1.8.11-1.mbs2.x86_64.rpm\n 35c5f1efb679c09bc48d917b94954713 mbs2/x86_64/lib64svn0-1.8.11-1.mbs2.x86_64.rpm\n 56722eb7ac7b08654d795a5981ebd210 mbs2/x86_64/lib64svnjavahl1-1.8.11-1.mbs2.x86_64.rpm\n e1479d1c61864767d56a147bb4ee9b7f mbs2/x86_64/perl-SVN-1.8.11-1.mbs2.x86_64.rpm\n 7c4d79f31b0559c22cc84f39a06f9da0 mbs2/x86_64/perl-svn-devel-1.8.11-1.mbs2.x86_64.rpm\n 14720ab01668a9d04b566d5102c09f68 mbs2/x86_64/python-svn-1.8.11-1.mbs2.x86_64.rpm\n 07db3a7142457efc1e0547fd40bbf03f mbs2/x86_64/python-svn-devel-1.8.11-1.mbs2.x86_64.rpm\n 8d0511abbed2c57f505183bf00c4ab0d mbs2/x86_64/ruby-svn-1.8.11-1.mbs2.x86_64.rpm\n 8d062f6dd429b87f2b1d432c92e9a84a mbs2/x86_64/ruby-svn-devel-1.8.11-1.mbs2.x86_64.rpm\n 31e14a18991a2383065a069d53d3cd4e mbs2/x86_64/subversion-1.8.11-1.mbs2.x86_64.rpm\n 1ce1c374c428409e8a6380d64b8706f8 mbs2/x86_64/subversion-devel-1.8.11-1.mbs2.x86_64.rpm\n 052411de41e785decc0bc130e2756eff mbs2/x86_64/subversion-doc-1.8.11-1.mbs2.x86_64.rpm\n 98c1473e3721e4c9a6996db448c6ff36 mbs2/x86_64/subversion-server-1.8.11-1.mbs2.x86_64.rpm\n 6ad3881116530af4d889bb6c142d70dc mbs2/x86_64/subversion-tools-1.8.11-1.mbs2.x86_64.rpm\n 3fb0c871a5771c8fe4c6475b5ac0406c mbs2/x86_64/svn-javahl-1.8.11-1.mbs2.x86_64.rpm \n 45e0624a89e4c79d4739cd4eb22d9a29 mbs2/SRPMS/subversion-1.8.11-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFl6JmqjQ0CJFipgRAgkVAJ4xKUzteqhyYcBC4AuYoZ7Lv3oQZQCfROhl\nNaJSaZq4W6qIMwD8fhQF5Ls=\n=R/mF\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2316-1\nAugust 14, 2014\n\nsubversion vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nLieven Govaerts discovered that the Subversion mod_dav_svn module\nincorrectly handled certain request methods when SVNListParentPath was\nenabled. This issue only affected Ubuntu\n12.04 LTS. (CVE-2014-3528)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libsvn1 1.8.8-1ubuntu3.1\n subversion 1.8.8-1ubuntu3.1\n\nUbuntu 12.04 LTS:\n libapache2-svn 1.6.17dfsg-3ubuntu3.4\n libsvn1 1.6.17dfsg-3ubuntu3.4\n subversion 1.6.17dfsg-3ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2316-1\n CVE-2014-0032, CVE-2014-3522, CVE-2014-3528\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.1\n https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.4\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201610-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Subversion, Serf: Multiple Vulnerabilities\n Date: October 11, 2016\n Bugs: #500482, #518716, #519202, #545348, #556076, #567810,\n #581448, #586046\n ID: 201610-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Subversion and Serf, the\nworst of which could lead to execution of arbitrary code. \n\nBackground\n==========\n\nSubversion is a version control system intended to eventually replace\nCVS. Like CVS, it has an optional client-server architecture (where the\nserver can be an Apache server running mod_svn, or an ssh program as in\nCVS\u0027s :ext: method). In addition to supporting the features found in\nCVS, Subversion also provides support for moving and copying files and\ndirectories. \n\nThe serf library is a high performance C-based HTTP client library\nbuilt upon the Apache Portable Runtime (APR) library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-vcs/subversion \u003c 1.9.4 \u003e= 1.9.4\n *\u003e 1.8.16\n 2 net-libs/serf \u003c 1.3.7 \u003e= 1.3.7\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Subversion and Serf. \nPlease review the CVE identifiers referenced below for details\n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, conduct a man-in-the-middle attack, obtain\nsensitive information, or cause a Denial of Service Condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Subversion users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/subversion-1.9.4\"\n\nAll Serf users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/serf-1.3.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0032\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032\n[ 2 ] CVE-2014-3504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504\n[ 3 ] CVE-2014-3522\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522\n[ 4 ] CVE-2014-3528\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528\n[ 5 ] CVE-2015-0202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202\n[ 6 ] CVE-2015-0248\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248\n[ 7 ] CVE-2015-0251\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251\n[ 8 ] CVE-2015-3184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184\n[ 9 ] CVE-2015-3187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187\n[ 10 ] CVE-2015-5259\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259\n[ 11 ] CVE-2016-2167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167\n[ 12 ] CVE-2016-2168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201610-05\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \nCVE-ID\nCVE-2014-3522\nCVE-2014-3528\nCVE-2014-3580\nCVE-2014-8108\n\nGit\nAvailable for: OS X Mavericks v10.9.4 or later\nImpact: Synching with a malicious git repository may allow\nunexpected files to be added to the .git folder\nDescription: The checks involved in disallowed paths did not account\nfor case insensitivity or unicode characters. This issue was\naddressed by adding additional checks. \nCVE-ID\nCVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of\nMercurial\n\nXcode 6.2 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"6.2\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3522"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003864"
},
{
"db": "BID",
"id": "69237"
},
{
"db": "VULHUB",
"id": "VHN-71462"
},
{
"db": "VULMON",
"id": "CVE-2014-3522"
},
{
"db": "PACKETSTORM",
"id": "131094"
},
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "130744"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71462",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71462"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3522",
"trust": 3.3
},
{
"db": "BID",
"id": "69237",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "60722",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "59432",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "60100",
"trust": 1.8
},
{
"db": "XF",
"id": "95090",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "59584",
"trust": 1.2
},
{
"db": "OSVDB",
"id": "109996",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU90171154",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003864",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-233",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "130744",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-71462",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-3522",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131094",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127874",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139060",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71462"
},
{
"db": "VULMON",
"id": "CVE-2014-3522"
},
{
"db": "BID",
"id": "69237"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003864"
},
{
"db": "PACKETSTORM",
"id": "131094"
},
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "NVD",
"id": "CVE-2014-3522"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-233"
}
]
},
"id": "VAR-201408-0086",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71462"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:39:44.039000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2014-3522-advisory",
"trust": 0.8,
"url": "https://subversion.apache.org/security/cve-2014-3522-advisory.txt"
},
{
"title": "APPLE-SA-2015-03-09-4 Xcode 6.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00003.html"
},
{
"title": "HT204427",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht204427"
},
{
"title": "HT204427",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht204427"
},
{
"title": "Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"title": "USN-2316-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/usn-2316-1/"
},
{
"title": "subversion-1.7.18",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51250"
},
{
"title": "subversion-1.7.18",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51249"
},
{
"title": "subversion-1.8.10",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51253"
},
{
"title": "subversion-1.7.18",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51248"
},
{
"title": "subversion-1.8.10",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51252"
},
{
"title": "subversion-1.8.10",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51251"
},
{
"title": "Ubuntu Security Notice: subversion vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2316-1"
},
{
"title": "Apple: Xcode 6.2",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=28f88d65a83ee45368f37221b1b4ea8f"
},
{
"title": "Amazon Linux AMI: ALAS-2014-413",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-413"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=92308e3c4d305e91c2eba8c9c6835e83"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3522"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003864"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-233"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-297",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71462"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003864"
},
{
"db": "NVD",
"id": "CVE-2014-3522"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/60100"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/69237"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2316-1"
},
{
"trust": 1.8,
"url": "https://subversion.apache.org/security/cve-2014-3522-advisory.txt"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/59432"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/60722"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/95090"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00003.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"trust": 1.2,
"url": "https://support.apple.com/ht204427"
},
{
"trust": 1.2,
"url": "http://www.osvdb.org/109996"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/59584"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95311"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95090"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3522"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90171154/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3522"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3522"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3528"
},
{
"trust": 0.3,
"url": "http://subversion.apache.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127063"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht204427"
},
{
"trust": 0.3,
"url": "http://www.ubuntu.com/usn/usn-2316-1/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0032"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/297.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2316-1/"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0339.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0545.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0032"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0105.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3528"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.4"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3504"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2167"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0248"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5259"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0251"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3522"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3528"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3580"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9390"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71462"
},
{
"db": "VULMON",
"id": "CVE-2014-3522"
},
{
"db": "BID",
"id": "69237"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003864"
},
{
"db": "PACKETSTORM",
"id": "131094"
},
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "NVD",
"id": "CVE-2014-3522"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-233"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71462"
},
{
"db": "VULMON",
"id": "CVE-2014-3522"
},
{
"db": "BID",
"id": "69237"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003864"
},
{
"db": "PACKETSTORM",
"id": "131094"
},
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "NVD",
"id": "CVE-2014-3522"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-233"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-19T00:00:00",
"db": "VULHUB",
"id": "VHN-71462"
},
{
"date": "2014-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3522"
},
{
"date": "2014-08-14T00:00:00",
"db": "BID",
"id": "69237"
},
{
"date": "2014-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003864"
},
{
"date": "2015-03-30T21:22:48",
"db": "PACKETSTORM",
"id": "131094"
},
{
"date": "2014-08-14T22:50:50",
"db": "PACKETSTORM",
"id": "127874"
},
{
"date": "2016-10-12T04:50:20",
"db": "PACKETSTORM",
"id": "139060"
},
{
"date": "2015-03-10T16:22:37",
"db": "PACKETSTORM",
"id": "130744"
},
{
"date": "2014-08-19T18:55:02.640000",
"db": "NVD",
"id": "CVE-2014-3522"
},
{
"date": "2014-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-233"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-71462"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3522"
},
{
"date": "2016-10-26T01:16:00",
"db": "BID",
"id": "69237"
},
{
"date": "2015-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003864"
},
{
"date": "2018-10-30T16:27:34.687000",
"db": "NVD",
"id": "CVE-2014-3522"
},
{
"date": "2014-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-233"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "131094"
},
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-233"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion of Serf RA Vulnerability impersonating server in layer",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003864"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "69237"
}
],
"trust": 0.3
}
}
VAR-201508-0172
Vulnerability from variot - Updated: 2023-12-18 10:55The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Apache Subversion is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Apache Subversion 1.8.0 through 1.8.13 and 1.7.0 through 1.7.20 are vulnerable. The system is compatible with the Concurrent Versions System (CVS). ============================================================================ Ubuntu Security Notice USN-2721-1 August 20, 2015
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description: - subversion: Advanced version control system
Details:
It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580)
It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108)
Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)
Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. (CVE-2015-0248)
Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. (CVE-2015-0251)
C. A remote attacker could use this issue to read hidden files via the path name. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)
C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. (CVE-2015-3187)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: libapache2-svn 1.8.10-5ubuntu1.1 libsvn1 1.8.10-5ubuntu1.1 subversion 1.8.10-5ubuntu1.1
Ubuntu 14.04 LTS: libapache2-svn 1.8.8-1ubuntu3.2 libsvn1 1.8.8-1ubuntu3.2 subversion 1.8.8-1ubuntu3.2
Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.5 libsvn1 1.6.17dfsg-3ubuntu3.5 subversion 1.6.17dfsg-3ubuntu3.5
In general, a standard system update will make all the necessary changes. 6) - i386, noarch, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-4 Xcode 7.3
Xcode 7.3 is now available and addresses the following:
otool Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1765 : Proteas of Qihoo 360 Nirvan Team and Will Estes (@squiffy)
subversion Available for: OS X El Capitan v10.11 and later Impact: A malicious server may be able to execute arbitrary code Description: Multiple vulnerabilities existed in subversion versions prior to 1.7.21, the most serious of which may have led to remote code execution. These were addressed by updating subversion to version 1.7.22. Michael Pilato, CollabNet
Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "7.3".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQAAAoJEBcWfLTuOo7tO6gQAJAW+kXp0TuFMDT6xHo2YVIq OiRdtYYsaQ0vLXHhDFQP+8uXPSz6KnunxKYZhA3JsSIjXZcv+O0Vw9hP/5A3/nj8 vXYCFmVW9m7rse4k7m117PYdPuKuWtAvDU19b7B2/vPsrv1R6C5R+jZj7hi9Vp2T 4Vx4oLeXCAhzpuDNfvtnyI756b8j63si2eSMSIPp+smQl4RKWtEJEAX5yHkDpeyl cuCHiEbwx4+UomEp5jpOPGjcmohjpTrbBJE8hH/k6W85bBj+rhBPJoBAYafW7nHt 6uokIgZtU59ZEAwC8hme0vzApINfslV1fiJk1HN/rP6Cp+ptdIZGL8zydmzIh7yq gEnfcEEhD2TTkJYnt22l42ZtCDsGJkFBF/r77EHmYWUJfmR4a4Jismp4sGGPgZ12 OitRfBzojK1+Ah6tkYV2LKIfjstprBTRZdz0XKQtjgAwfgktAalrWiibZs2zBNF5 UfZKAsM3Qc9RBK5pNQpGMlrHQtnFdD74Df4TYRlSuKZRO5DLr0STDeHXQfn4Ti/9 8+ZifqggFuWBfh5es4EFdcpxRRqWI9OKOdgQ0Oc5tXwIyAlOshxNuP3qAgVQzwwd COicsW/1HsUoaopDuf+bzDcJPL/L9H3SRYfg4S/uv5JOjoaPr0pQC8mUfR25dZAw cU0NiqyyiqU1H29UaU50 =9aiD -----END PGP SIGNATURE----- .
Gentoo Linux Security Advisory GLSA 201610-05
https://security.gentoo.org/
Severity: Normal Title: Subversion, Serf: Multiple Vulnerabilities Date: October 11, 2016 Bugs: #500482, #518716, #519202, #545348, #556076, #567810, #581448, #586046 ID: 201610-05
Synopsis
Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code.
Background
Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS's :ext: method). In addition to supporting the features found in CVS, Subversion also provides support for moving and copying files and directories.
The serf library is a high performance C-based HTTP client library built upon the Apache Portable Runtime (APR) library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/subversion < 1.9.4 >= 1.9.4 *> 1.8.16 2 net-libs/serf < 1.3.7 >= 1.3.7 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition.
Workaround
There is no known workaround at this time.
Resolution
All Subversion users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4"
All Serf users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7"
References
[ 1 ] CVE-2014-0032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032 [ 2 ] CVE-2014-3504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504 [ 3 ] CVE-2014-3522 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522 [ 4 ] CVE-2014-3528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528 [ 5 ] CVE-2015-0202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202 [ 6 ] CVE-2015-0248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248 [ 7 ] CVE-2015-0251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251 [ 8 ] CVE-2015-3184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184 [ 9 ] CVE-2015-3187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187 [ 10 ] CVE-2015-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259 [ 11 ] CVE-2016-2167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167 [ 12 ] CVE-2016-2168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-05
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:1742-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1742.html Issue date: 2015-09-08 CVE Names: CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 CVE-2015-3187 =====================================================================
- Summary:
Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.
An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248)
It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. (CVE-2015-3184)
It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251)
It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187)
Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3184 and CVE-2015-3187 flaws.
All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1205138 - CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers 1205140 - CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions 1247249 - CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4 1247252 - CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.i686.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.i686.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
ppc64: mod_dav_svn-1.7.14-7.el7_1.1.ppc64.rpm subversion-1.7.14-7.el7_1.1.ppc64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm subversion-libs-1.7.14-7.el7_1.1.ppc.rpm subversion-libs-1.7.14-7.el7_1.1.ppc64.rpm
s390x: mod_dav_svn-1.7.14-7.el7_1.1.s390x.rpm subversion-1.7.14-7.el7_1.1.s390x.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm subversion-libs-1.7.14-7.el7_1.1.s390.rpm subversion-libs-1.7.14-7.el7_1.1.s390x.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: subversion-1.7.14-7.ael7b_1.1.src.rpm
ppc64le: mod_dav_svn-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-libs-1.7.14-7.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: subversion-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm subversion-devel-1.7.14-7.el7_1.1.ppc.rpm subversion-devel-1.7.14-7.el7_1.1.ppc64.rpm subversion-gnome-1.7.14-7.el7_1.1.ppc.rpm subversion-gnome-1.7.14-7.el7_1.1.ppc64.rpm subversion-javahl-1.7.14-7.el7_1.1.ppc.rpm subversion-javahl-1.7.14-7.el7_1.1.ppc64.rpm subversion-kde-1.7.14-7.el7_1.1.ppc.rpm subversion-kde-1.7.14-7.el7_1.1.ppc64.rpm subversion-perl-1.7.14-7.el7_1.1.ppc.rpm subversion-perl-1.7.14-7.el7_1.1.ppc64.rpm subversion-python-1.7.14-7.el7_1.1.ppc64.rpm subversion-ruby-1.7.14-7.el7_1.1.ppc.rpm subversion-ruby-1.7.14-7.el7_1.1.ppc64.rpm subversion-tools-1.7.14-7.el7_1.1.ppc64.rpm
s390x: subversion-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm subversion-devel-1.7.14-7.el7_1.1.s390.rpm subversion-devel-1.7.14-7.el7_1.1.s390x.rpm subversion-gnome-1.7.14-7.el7_1.1.s390.rpm subversion-gnome-1.7.14-7.el7_1.1.s390x.rpm subversion-javahl-1.7.14-7.el7_1.1.s390.rpm subversion-javahl-1.7.14-7.el7_1.1.s390x.rpm subversion-kde-1.7.14-7.el7_1.1.s390.rpm subversion-kde-1.7.14-7.el7_1.1.s390x.rpm subversion-perl-1.7.14-7.el7_1.1.s390.rpm subversion-perl-1.7.14-7.el7_1.1.s390x.rpm subversion-python-1.7.14-7.el7_1.1.s390x.rpm subversion-ruby-1.7.14-7.el7_1.1.s390.rpm subversion-ruby-1.7.14-7.el7_1.1.s390x.rpm subversion-tools-1.7.14-7.el7_1.1.s390x.rpm
x86_64: subversion-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le: subversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-devel-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-gnome-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-javahl-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-kde-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-perl-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-python-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-ruby-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-tools-1.7.14-7.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: subversion-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-0248 https://access.redhat.com/security/cve/CVE-2015-0251 https://access.redhat.com/security/cve/CVE-2015-3184 https://access.redhat.com/security/cve/CVE-2015-3187 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2015-0248-advisory.txt https://subversion.apache.org/security/CVE-2015-3184-advisory.txt https://subversion.apache.org/security/CVE-2015-0251-advisory.txt https://subversion.apache.org/security/CVE-2015-3187-advisory.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFV7t6+XlSAg2UNWIIRAivqAKCtV0lnW3RGFsCNsKIU9lBHeBk4UQCdE8/b KVJwbobNcmPzKule+9U7RnM= =F2J4 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0172",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.13"
},
{
"model": "subversion",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.20"
},
{
"model": "xcode",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.1"
},
{
"model": "subversion",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.x"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.14"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x el capitan v10.11 or later )"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "7.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "15.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.4.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.5"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.20"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.12"
},
{
"model": "xcode",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.8.14"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.22"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.21"
}
],
"sources": [
{
"db": "BID",
"id": "76273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004064"
},
{
"db": "NVD",
"id": "CVE-2015-3187"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-058"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.7.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3187"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "C. Michael Pilato of CollabNet.",
"sources": [
{
"db": "BID",
"id": "76273"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-058"
}
],
"trust": 0.9
},
"cve": "CVE-2015-3187",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-3187",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-81148",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3187",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-058",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81148",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81148"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004064"
},
{
"db": "NVD",
"id": "CVE-2015-3187"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-058"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Apache Subversion is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. \nApache Subversion 1.8.0 through 1.8.13 and 1.7.0 through 1.7.20 are vulnerable. The system is compatible with the Concurrent Versions System (CVS). ============================================================================\nUbuntu Security Notice USN-2721-1\nAugust 20, 2015\n\nsubversion vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly\nhandled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2014-3580)\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly\nhandled requests requiring a lookup for a virtual transaction name that\ndoes not exist. This issue only affected Ubuntu\n14.04 LTS. (CVE-2014-8108)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly\nhandled large numbers of REPORT requests. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve\nmodules incorrectly certain crafted parameter combinations. (CVE-2015-0248)\n\nIvan Zhakov discovered that the Subversion mod_dav_svn module incorrectly\nhandled crafted v1 HTTP protocol request sequences. (CVE-2015-0251)\n\nC. A remote attacker could use this\nissue to read hidden files via the path name. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)\n\nC. Michael Pilato discovered that Subversion incorrectly handled path-based\nauthorization. (CVE-2015-3187)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n libapache2-svn 1.8.10-5ubuntu1.1\n libsvn1 1.8.10-5ubuntu1.1\n subversion 1.8.10-5ubuntu1.1\n\nUbuntu 14.04 LTS:\n libapache2-svn 1.8.8-1ubuntu3.2\n libsvn1 1.8.8-1ubuntu3.2\n subversion 1.8.8-1ubuntu3.2\n\nUbuntu 12.04 LTS:\n libapache2-svn 1.6.17dfsg-3ubuntu3.5\n libsvn1 1.6.17dfsg-3ubuntu3.5\n subversion 1.6.17dfsg-3ubuntu3.5\n\nIn general, a standard system update will make all the necessary changes. 6) - i386, noarch, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-4 Xcode 7.3\n\nXcode 7.3 is now available and addresses the following:\n\notool\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1765 : Proteas of Qihoo 360 Nirvan Team and Will Estes\n(@squiffy)\n\nsubversion\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious server may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in subversion versions\nprior to 1.7.21, the most serious of which may have led to remote\ncode execution. These were addressed by updating subversion to\nversion 1.7.22. Michael Pilato, CollabNet\n\nXcode 7.0 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.3\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQAAAoJEBcWfLTuOo7tO6gQAJAW+kXp0TuFMDT6xHo2YVIq\nOiRdtYYsaQ0vLXHhDFQP+8uXPSz6KnunxKYZhA3JsSIjXZcv+O0Vw9hP/5A3/nj8\nvXYCFmVW9m7rse4k7m117PYdPuKuWtAvDU19b7B2/vPsrv1R6C5R+jZj7hi9Vp2T\n4Vx4oLeXCAhzpuDNfvtnyI756b8j63si2eSMSIPp+smQl4RKWtEJEAX5yHkDpeyl\ncuCHiEbwx4+UomEp5jpOPGjcmohjpTrbBJE8hH/k6W85bBj+rhBPJoBAYafW7nHt\n6uokIgZtU59ZEAwC8hme0vzApINfslV1fiJk1HN/rP6Cp+ptdIZGL8zydmzIh7yq\ngEnfcEEhD2TTkJYnt22l42ZtCDsGJkFBF/r77EHmYWUJfmR4a4Jismp4sGGPgZ12\nOitRfBzojK1+Ah6tkYV2LKIfjstprBTRZdz0XKQtjgAwfgktAalrWiibZs2zBNF5\nUfZKAsM3Qc9RBK5pNQpGMlrHQtnFdD74Df4TYRlSuKZRO5DLr0STDeHXQfn4Ti/9\n8+ZifqggFuWBfh5es4EFdcpxRRqWI9OKOdgQ0Oc5tXwIyAlOshxNuP3qAgVQzwwd\nCOicsW/1HsUoaopDuf+bzDcJPL/L9H3SRYfg4S/uv5JOjoaPr0pQC8mUfR25dZAw\ncU0NiqyyiqU1H29UaU50\n=9aiD\n-----END PGP SIGNATURE-----\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201610-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Subversion, Serf: Multiple Vulnerabilities\n Date: October 11, 2016\n Bugs: #500482, #518716, #519202, #545348, #556076, #567810,\n #581448, #586046\n ID: 201610-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Subversion and Serf, the\nworst of which could lead to execution of arbitrary code. \n\nBackground\n==========\n\nSubversion is a version control system intended to eventually replace\nCVS. Like CVS, it has an optional client-server architecture (where the\nserver can be an Apache server running mod_svn, or an ssh program as in\nCVS\u0027s :ext: method). In addition to supporting the features found in\nCVS, Subversion also provides support for moving and copying files and\ndirectories. \n\nThe serf library is a high performance C-based HTTP client library\nbuilt upon the Apache Portable Runtime (APR) library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-vcs/subversion \u003c 1.9.4 \u003e= 1.9.4\n *\u003e 1.8.16\n 2 net-libs/serf \u003c 1.3.7 \u003e= 1.3.7\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Subversion and Serf. \nPlease review the CVE identifiers referenced below for details\n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, conduct a man-in-the-middle attack, obtain\nsensitive information, or cause a Denial of Service Condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Subversion users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/subversion-1.9.4\"\n\nAll Serf users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/serf-1.3.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0032\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032\n[ 2 ] CVE-2014-3504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504\n[ 3 ] CVE-2014-3522\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522\n[ 4 ] CVE-2014-3528\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528\n[ 5 ] CVE-2015-0202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202\n[ 6 ] CVE-2015-0248\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248\n[ 7 ] CVE-2015-0251\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251\n[ 8 ] CVE-2015-3184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184\n[ 9 ] CVE-2015-3187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187\n[ 10 ] CVE-2015-5259\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259\n[ 11 ] CVE-2016-2167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167\n[ 12 ] CVE-2016-2168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201610-05\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: subversion security update\nAdvisory ID: RHSA-2015:1742-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1742.html\nIssue date: 2015-09-08\nCVE Names: CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 \n CVE-2015-3187 \n=====================================================================\n\n1. Summary:\n\nUpdated subversion packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. The\nmod_dav_svn module is used with the Apache HTTP Server to allow access\nto Subversion repositories via HTTP. \n\nAn assertion failure flaw was found in the way the SVN server processed\ncertain requests with dynamically evaluated revision numbers. A remote\nattacker could use this flaw to cause the SVN server (both svnserve and\nhttpd with the mod_dav_svn module) to crash. (CVE-2015-0248)\n\nIt was found that the mod_authz_svn module did not properly restrict\nanonymous access to Subversion repositories under certain configurations\nwhen used with Apache httpd 2.4.x. This could allow a user to anonymously\naccess files in a Subversion repository, which should only be accessible to\nauthenticated users. (CVE-2015-3184)\n\nIt was found that the mod_dav_svn module did not properly validate the\nsvn:author property of certain requests. An attacker able to create new\nrevisions could use this flaw to spoof the svn:author property. \n(CVE-2015-0251)\n\nIt was found that when an SVN server (both svnserve and httpd with the\nmod_dav_svn module) searched the history of a file or a directory, it would\ndisclose its location in the repository if that file or directory was not\nreadable (for example, if it had been moved). (CVE-2015-3187)\n\nRed Hat would like to thank the Apache Software Foundation for reporting\nthese issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the\noriginal reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael\nPilato of CollabNet as the original reporter of CVE-2015-3184 and\nCVE-2015-3187 flaws. \n\nAll subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, for the update to take effect, you must restart the httpd\ndaemon, if you are using mod_dav_svn, and the svnserve daemon, if you are\nserving Subversion repositories via the svn:// protocol. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1205138 - CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers\n1205140 - CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions\n1247249 - CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4\n1247252 - CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nppc64:\nmod_dav_svn-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-libs-1.7.14-7.el7_1.1.ppc64.rpm\n\ns390x:\nmod_dav_svn-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-libs-1.7.14-7.el7_1.1.s390.rpm\nsubversion-libs-1.7.14-7.el7_1.1.s390x.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsubversion-1.7.14-7.ael7b_1.1.src.rpm\n\nppc64le:\nmod_dav_svn-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-libs-1.7.14-7.ael7b_1.1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nsubversion-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-devel-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-kde-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-perl-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-python-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.ppc64.rpm\n\ns390x:\nsubversion-1.7.14-7.el7_1.1.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-devel-1.7.14-7.el7_1.1.s390.rpm\nsubversion-devel-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.s390.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.s390.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-kde-1.7.14-7.el7_1.1.s390.rpm\nsubversion-kde-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-perl-1.7.14-7.el7_1.1.s390.rpm\nsubversion-perl-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-python-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.s390.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-tools-1.7.14-7.el7_1.1.s390x.rpm\n\nx86_64:\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nsubversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-devel-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-gnome-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-javahl-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-kde-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-perl-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-python-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-ruby-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-tools-1.7.14-7.ael7b_1.1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0248\nhttps://access.redhat.com/security/cve/CVE-2015-0251\nhttps://access.redhat.com/security/cve/CVE-2015-3184\nhttps://access.redhat.com/security/cve/CVE-2015-3187\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://subversion.apache.org/security/CVE-2015-0248-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-3184-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-0251-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-3187-advisory.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFV7t6+XlSAg2UNWIIRAivqAKCtV0lnW3RGFsCNsKIU9lBHeBk4UQCdE8/b\nKVJwbobNcmPzKule+9U7RnM=\n=F2J4\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3187"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004064"
},
{
"db": "BID",
"id": "76273"
},
{
"db": "VULHUB",
"id": "VHN-81148"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "136345"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133473"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3187",
"trust": 3.3
},
{
"db": "SECTRACK",
"id": "1033215",
"trust": 2.5
},
{
"db": "BID",
"id": "76273",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU97668313",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004064",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-058",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-81148",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133236",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133096",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136345",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139060",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133473",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81148"
},
{
"db": "BID",
"id": "76273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004064"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "136345"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "NVD",
"id": "CVE-2015-3187"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-058"
}
]
},
"id": "VAR-201508-0172",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81148"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:55:48.246000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2016-03-21-4 Xcode 7.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00003.html"
},
{
"title": "HT206172",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206172"
},
{
"title": "HT206172",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206172"
},
{
"title": "RHSA-2015:1633",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1633.html"
},
{
"title": "CVE-2015-3187-advisory",
"trust": 0.8,
"url": "http://subversion.apache.org/security/cve-2015-3187-advisory.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004064"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81148"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004064"
},
{
"db": "NVD",
"id": "CVE-2015-3187"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id/1033215"
},
{
"trust": 2.2,
"url": "http://subversion.apache.org/security/cve-2015-3187-advisory.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/76273"
},
{
"trust": 1.5,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1742.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1633.html"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2721-1"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00003.html"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht206172"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3331"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3187"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97668313/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3187"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3187"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3184"
},
{
"trust": 0.3,
"url": "http://subversion.apache.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1247252"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0202"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://subversion.apache.org/security/cve-2015-0251-advisory.txt"
},
{
"trust": 0.2,
"url": "https://subversion.apache.org/security/cve-2015-0248-advisory.txt"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0251"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0248"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-3187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3580"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.10-5ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1765"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5259"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3504"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2167"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0248"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3522"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5259"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0251"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3522"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3528"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0032"
},
{
"trust": 0.1,
"url": "https://subversion.apache.org/security/cve-2015-3184-advisory.txt"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3184"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81148"
},
{
"db": "BID",
"id": "76273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004064"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "136345"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "NVD",
"id": "CVE-2015-3187"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-058"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81148"
},
{
"db": "BID",
"id": "76273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004064"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "136345"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "NVD",
"id": "CVE-2015-3187"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-058"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-81148"
},
{
"date": "2015-07-27T00:00:00",
"db": "BID",
"id": "76273"
},
{
"date": "2015-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004064"
},
{
"date": "2015-08-21T16:59:18",
"db": "PACKETSTORM",
"id": "133236"
},
{
"date": "2015-08-17T15:40:41",
"db": "PACKETSTORM",
"id": "133096"
},
{
"date": "2016-03-22T15:15:02",
"db": "PACKETSTORM",
"id": "136345"
},
{
"date": "2016-10-12T04:50:20",
"db": "PACKETSTORM",
"id": "139060"
},
{
"date": "2015-09-08T15:47:21",
"db": "PACKETSTORM",
"id": "133473"
},
{
"date": "2015-08-12T14:59:12.150000",
"db": "NVD",
"id": "CVE-2015-3187"
},
{
"date": "2015-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-058"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-81148"
},
{
"date": "2016-10-26T00:17:00",
"db": "BID",
"id": "76273"
},
{
"date": "2016-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004064"
},
{
"date": "2017-07-01T01:29:15.733000",
"db": "NVD",
"id": "CVE-2015-3187"
},
{
"date": "2015-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-058"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-058"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion of svn_repos_trace_node_locations Vulnerability in obtaining important path information in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004064"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-058"
}
],
"trust": 0.6
}
}
VAR-201412-0515
Vulnerability from variot - Updated: 2023-12-18 10:45The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apache subversion is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash the affected process, causing denial of service conditions. Subversion versions 1.7.0 through 1.7.18 and 1.8.0 through 1.8.10 are affected. Subversion is an open source version control system of the Apache Software Foundation in the United States. The main function of the system is to be compatible with the concurrent version management system (CVS). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFUqoNCmqjQ0CJFipgRAqwFAKCUALR1yu7OcAY6tP4LrYCdhQMJDACg7FG5 zlOOLTc8tjEXNuj5PnqflP0= =huIz -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2721-1 August 20, 2015
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description: - subversion: Advanced version control system
Details:
It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 14.04 LTS. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)
Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. (CVE-2015-0248)
Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. (CVE-2015-0251)
C. Michael Pilato discovered that the Subversion mod_dav_svn module incorrectly restricted anonymous access. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)
C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. (CVE-2015-3187)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: libapache2-svn 1.8.10-5ubuntu1.1 libsvn1 1.8.10-5ubuntu1.1 subversion 1.8.10-5ubuntu1.1
Ubuntu 14.04 LTS: libapache2-svn 1.8.8-1ubuntu3.2 libsvn1 1.8.8-1ubuntu3.2 subversion 1.8.8-1ubuntu3.2
Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.5 libsvn1 1.6.17dfsg-3ubuntu3.5 subversion 1.6.17dfsg-3ubuntu3.5
In general, a standard system update will make all the necessary changes. 6) - i386, noarch, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:0166-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0166.html Issue date: 2015-02-10 CVE Names: CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 =====================================================================
- Summary:
Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. (CVE-2014-8108)
It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528)
Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter.
All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision 1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests 1174057 - CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
ppc64: mod_dav_svn-1.7.14-7.el7_0.ppc64.rpm subversion-1.7.14-7.el7_0.ppc64.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-libs-1.7.14-7.el7_0.ppc.rpm subversion-libs-1.7.14-7.el7_0.ppc64.rpm
s390x: mod_dav_svn-1.7.14-7.el7_0.s390x.rpm subversion-1.7.14-7.el7_0.s390x.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-libs-1.7.14-7.el7_0.s390.rpm subversion-libs-1.7.14-7.el7_0.s390x.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: subversion-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-devel-1.7.14-7.el7_0.ppc.rpm subversion-devel-1.7.14-7.el7_0.ppc64.rpm subversion-gnome-1.7.14-7.el7_0.ppc.rpm subversion-gnome-1.7.14-7.el7_0.ppc64.rpm subversion-javahl-1.7.14-7.el7_0.ppc.rpm subversion-javahl-1.7.14-7.el7_0.ppc64.rpm subversion-kde-1.7.14-7.el7_0.ppc.rpm subversion-kde-1.7.14-7.el7_0.ppc64.rpm subversion-perl-1.7.14-7.el7_0.ppc.rpm subversion-perl-1.7.14-7.el7_0.ppc64.rpm subversion-python-1.7.14-7.el7_0.ppc64.rpm subversion-ruby-1.7.14-7.el7_0.ppc.rpm subversion-ruby-1.7.14-7.el7_0.ppc64.rpm subversion-tools-1.7.14-7.el7_0.ppc64.rpm
s390x: subversion-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-devel-1.7.14-7.el7_0.s390.rpm subversion-devel-1.7.14-7.el7_0.s390x.rpm subversion-gnome-1.7.14-7.el7_0.s390.rpm subversion-gnome-1.7.14-7.el7_0.s390x.rpm subversion-javahl-1.7.14-7.el7_0.s390.rpm subversion-javahl-1.7.14-7.el7_0.s390x.rpm subversion-kde-1.7.14-7.el7_0.s390.rpm subversion-kde-1.7.14-7.el7_0.s390x.rpm subversion-perl-1.7.14-7.el7_0.s390.rpm subversion-perl-1.7.14-7.el7_0.s390x.rpm subversion-python-1.7.14-7.el7_0.s390x.rpm subversion-ruby-1.7.14-7.el7_0.s390.rpm subversion-ruby-1.7.14-7.el7_0.s390x.rpm subversion-tools-1.7.14-7.el7_0.s390x.rpm
x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3528 https://access.redhat.com/security/cve/CVE-2014-3580 https://access.redhat.com/security/cve/CVE-2014-8108 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2014-3528-advisory.txt https://subversion.apache.org/security/CVE-2014-3580-advisory.txt https://subversion.apache.org/security/CVE-2014-8108-advisory.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFU2pCEXlSAg2UNWIIRAmlpAJ4o2MhM6glIBctGbU52rfN8EZXCDgCdEIll KM6EsnQkXd09uLTe1k+tQaU= =CuZg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These issues were addressed by updating Apache Subversion to version 1.7.19. CVE-ID CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108
Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .git folder Description: The checks involved in disallowed paths did not account for case insensitivity or unicode characters. This issue was addressed by adding additional checks. CVE-ID CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of Mercurial
Xcode 6.2 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "6.2".
For the stable distribution (wheezy), this problem has been fixed in version 1.6.17dfsg-4+deb7u7.
For the unstable distribution (sid), this problem has been fixed in version 1.8.10-5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0515",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "1.7.19"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "6.6.z"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.20"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.23"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.6"
},
{
"model": "xcode",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.21"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.16"
},
{
"model": "subversion",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.x"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.11"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x mavericks v10.9.4 or later )"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "6.2"
},
{
"model": "subversion",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "1.x"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.4.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "71726"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007292"
},
{
"db": "NVD",
"id": "CVE-2014-3580"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-396"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3580"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Kotkov, VisualSVN",
"sources": [
{
"db": "BID",
"id": "71726"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3580",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-3580",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-71520",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3580",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-396",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71520",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71520"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007292"
},
{
"db": "NVD",
"id": "CVE-2014-3580"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-396"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apache subversion is prone to a remote denial-of-service vulnerability. \nExploiting this issue allows remote attackers to crash the affected process, causing denial of service conditions. \nSubversion versions 1.7.0 through 1.7.18 and 1.8.0 through 1.8.10 are affected. Subversion is an open source version control system of the Apache Software Foundation in the United States. The main function of the system is to be compatible with the concurrent version management system (CVS). The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUqoNCmqjQ0CJFipgRAqwFAKCUALR1yu7OcAY6tP4LrYCdhQMJDACg7FG5\nzlOOLTc8tjEXNuj5PnqflP0=\n=huIz\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2721-1\nAugust 20, 2015\n\nsubversion vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly\nhandled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. This issue only affected Ubuntu\n14.04 LTS. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve\nmodules incorrectly certain crafted parameter combinations. (CVE-2015-0248)\n\nIvan Zhakov discovered that the Subversion mod_dav_svn module incorrectly\nhandled crafted v1 HTTP protocol request sequences. (CVE-2015-0251)\n\nC. Michael Pilato discovered that the Subversion mod_dav_svn module\nincorrectly restricted anonymous access. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)\n\nC. Michael Pilato discovered that Subversion incorrectly handled path-based\nauthorization. (CVE-2015-3187)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n libapache2-svn 1.8.10-5ubuntu1.1\n libsvn1 1.8.10-5ubuntu1.1\n subversion 1.8.10-5ubuntu1.1\n\nUbuntu 14.04 LTS:\n libapache2-svn 1.8.8-1ubuntu3.2\n libsvn1 1.8.8-1ubuntu3.2\n subversion 1.8.8-1ubuntu3.2\n\nUbuntu 12.04 LTS:\n libapache2-svn 1.6.17dfsg-3ubuntu3.5\n libsvn1 1.6.17dfsg-3ubuntu3.5\n subversion 1.6.17dfsg-3ubuntu3.5\n\nIn general, a standard system update will make all the necessary changes. 6) - i386, noarch, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: subversion security update\nAdvisory ID: RHSA-2015:0166-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0166.html\nIssue date: 2015-02-10\nCVE Names: CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 \n=====================================================================\n\n1. Summary:\n\nUpdated subversion packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. A remote, unauthenticated attacker could use a\nspecially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)\n\nA NULL pointer dereference flaw was found in the way the mod_dav_svn module\nhandled certain requests for URIs that trigger a lookup of a virtual\ntransaction name. (CVE-2014-8108)\n\nIt was discovered that Subversion clients retrieved cached authentication\ncredentials using the MD5 hash of the server realm string without also\nchecking the server\u0027s URL. A malicious server able to provide a realm that\ntriggers an MD5 collision could possibly use this flaw to obtain the\ncredentials for a different realm. (CVE-2014-3528)\n\nRed Hat would like to thank the Subversion project for reporting\nCVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of\nVisualSVN as the original reporter. \n\nAll subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, for the update to take effect, you must restart the httpd\ndaemon, if you are using mod_dav_svn, and the svnserve daemon, if you are\nserving Subversion repositories via the svn:// protocol. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision\n1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests\n1174057 - CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nppc64:\nmod_dav_svn-1.7.14-7.el7_0.ppc64.rpm\nsubversion-1.7.14-7.el7_0.ppc64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm\nsubversion-libs-1.7.14-7.el7_0.ppc.rpm\nsubversion-libs-1.7.14-7.el7_0.ppc64.rpm\n\ns390x:\nmod_dav_svn-1.7.14-7.el7_0.s390x.rpm\nsubversion-1.7.14-7.el7_0.s390x.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390x.rpm\nsubversion-libs-1.7.14-7.el7_0.s390.rpm\nsubversion-libs-1.7.14-7.el7_0.s390x.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nsubversion-1.7.14-7.el7_0.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm\nsubversion-devel-1.7.14-7.el7_0.ppc.rpm\nsubversion-devel-1.7.14-7.el7_0.ppc64.rpm\nsubversion-gnome-1.7.14-7.el7_0.ppc.rpm\nsubversion-gnome-1.7.14-7.el7_0.ppc64.rpm\nsubversion-javahl-1.7.14-7.el7_0.ppc.rpm\nsubversion-javahl-1.7.14-7.el7_0.ppc64.rpm\nsubversion-kde-1.7.14-7.el7_0.ppc.rpm\nsubversion-kde-1.7.14-7.el7_0.ppc64.rpm\nsubversion-perl-1.7.14-7.el7_0.ppc.rpm\nsubversion-perl-1.7.14-7.el7_0.ppc64.rpm\nsubversion-python-1.7.14-7.el7_0.ppc64.rpm\nsubversion-ruby-1.7.14-7.el7_0.ppc.rpm\nsubversion-ruby-1.7.14-7.el7_0.ppc64.rpm\nsubversion-tools-1.7.14-7.el7_0.ppc64.rpm\n\ns390x:\nsubversion-1.7.14-7.el7_0.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390x.rpm\nsubversion-devel-1.7.14-7.el7_0.s390.rpm\nsubversion-devel-1.7.14-7.el7_0.s390x.rpm\nsubversion-gnome-1.7.14-7.el7_0.s390.rpm\nsubversion-gnome-1.7.14-7.el7_0.s390x.rpm\nsubversion-javahl-1.7.14-7.el7_0.s390.rpm\nsubversion-javahl-1.7.14-7.el7_0.s390x.rpm\nsubversion-kde-1.7.14-7.el7_0.s390.rpm\nsubversion-kde-1.7.14-7.el7_0.s390x.rpm\nsubversion-perl-1.7.14-7.el7_0.s390.rpm\nsubversion-perl-1.7.14-7.el7_0.s390x.rpm\nsubversion-python-1.7.14-7.el7_0.s390x.rpm\nsubversion-ruby-1.7.14-7.el7_0.s390.rpm\nsubversion-ruby-1.7.14-7.el7_0.s390x.rpm\nsubversion-tools-1.7.14-7.el7_0.s390x.rpm\n\nx86_64:\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3528\nhttps://access.redhat.com/security/cve/CVE-2014-3580\nhttps://access.redhat.com/security/cve/CVE-2014-8108\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://subversion.apache.org/security/CVE-2014-3528-advisory.txt\nhttps://subversion.apache.org/security/CVE-2014-3580-advisory.txt\nhttps://subversion.apache.org/security/CVE-2014-8108-advisory.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFU2pCEXlSAg2UNWIIRAmlpAJ4o2MhM6glIBctGbU52rfN8EZXCDgCdEIll\nKM6EsnQkXd09uLTe1k+tQaU=\n=CuZg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThese issues were addressed by updating Apache Subversion to version\n1.7.19. \nCVE-ID\nCVE-2014-3522\nCVE-2014-3528\nCVE-2014-3580\nCVE-2014-8108\n\nGit\nAvailable for: OS X Mavericks v10.9.4 or later\nImpact: Synching with a malicious git repository may allow\nunexpected files to be added to the .git folder\nDescription: The checks involved in disallowed paths did not account\nfor case insensitivity or unicode characters. This issue was\naddressed by adding additional checks. \nCVE-ID\nCVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of\nMercurial\n\nXcode 6.2 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"6.2\". \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.6.17dfsg-4+deb7u7. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.8.10-5",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3580"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007292"
},
{
"db": "BID",
"id": "71726"
},
{
"db": "VULHUB",
"id": "VHN-71520"
},
{
"db": "PACKETSTORM",
"id": "129821"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "PACKETSTORM",
"id": "129679"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71520",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71520"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3580",
"trust": 3.4
},
{
"db": "SECUNIA",
"id": "61131",
"trust": 2.5
},
{
"db": "BID",
"id": "71726",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU90171154",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007292",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201412-396",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "129821",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "133236",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "129679",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-71520",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130349",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130344",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130744",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71520"
},
{
"db": "BID",
"id": "71726"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007292"
},
{
"db": "PACKETSTORM",
"id": "129821"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "PACKETSTORM",
"id": "129679"
},
{
"db": "NVD",
"id": "CVE-2014-3580"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-396"
}
]
},
"id": "VAR-201412-0515",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71520"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:45:49.496000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-03-09-4 Xcode 6.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00003.html"
},
{
"title": "HT204427",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht204427"
},
{
"title": "HT204427",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht204427"
},
{
"title": "RHSA-2015:0165",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0165.html"
},
{
"title": "RHSA-2015:0166",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0166.html "
},
{
"title": "mod_dav_svn is vulnerable to a remotely triggerable segfault DoS vulnerability with certain invalid REPORT requests.",
"trust": 0.8,
"url": "http://subversion.apache.org/security/cve-2014-3580-advisory.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007292"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007292"
},
{
"db": "NVD",
"id": "CVE-2014-3580"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://secunia.com/advisories/61131"
},
{
"trust": 1.9,
"url": "http://subversion.apache.org/security/cve-2014-3580-advisory.txt"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0165.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0166.html"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2721-1"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00003.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/71726"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht204427"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2014/dsa-3107"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3580"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90171154/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3580"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3580"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8108"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3528"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3580"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://subversion.apache.org/security/cve-2014-3528-advisory.txt"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3528"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0545.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8108"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.10-5ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0202"
},
{
"trust": 0.1,
"url": "https://subversion.apache.org/security/cve-2014-8108-advisory.txt"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-8108"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9390"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3522"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71520"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007292"
},
{
"db": "PACKETSTORM",
"id": "129821"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "PACKETSTORM",
"id": "129679"
},
{
"db": "NVD",
"id": "CVE-2014-3580"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-396"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71520"
},
{
"db": "BID",
"id": "71726"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007292"
},
{
"db": "PACKETSTORM",
"id": "129821"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "PACKETSTORM",
"id": "129679"
},
{
"db": "NVD",
"id": "CVE-2014-3580"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-396"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-71520"
},
{
"date": "2014-12-18T00:00:00",
"db": "BID",
"id": "71726"
},
{
"date": "2014-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007292"
},
{
"date": "2015-01-06T17:02:00",
"db": "PACKETSTORM",
"id": "129821"
},
{
"date": "2015-08-21T16:59:18",
"db": "PACKETSTORM",
"id": "133236"
},
{
"date": "2015-02-11T01:52:08",
"db": "PACKETSTORM",
"id": "130349"
},
{
"date": "2015-02-11T01:49:16",
"db": "PACKETSTORM",
"id": "130344"
},
{
"date": "2015-03-10T16:22:37",
"db": "PACKETSTORM",
"id": "130744"
},
{
"date": "2014-12-22T17:14:48",
"db": "PACKETSTORM",
"id": "129679"
},
{
"date": "2014-12-18T15:59:00.070000",
"db": "NVD",
"id": "CVE-2014-3580"
},
{
"date": "2014-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-396"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-71520"
},
{
"date": "2015-11-03T19:05:00",
"db": "BID",
"id": "71726"
},
{
"date": "2015-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007292"
},
{
"date": "2016-12-24T02:59:02.460000",
"db": "NVD",
"id": "CVE-2014-3580"
},
{
"date": "2014-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-396"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "129821"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "129679"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-396"
}
],
"trust": 1.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion of mod_dav_svn Apache HTTPD server Service disruption in modules (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007292"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-396"
}
],
"trust": 0.6
}
}