Description
ELSA-2017-2480: subversion security update (IMPORTANT)
[1.7.14-11]
- add security fix for CVE-2017-9800
Updated packages
Oracle Linux 7
Oracle Linux aarch64
mod_dav_svn        1.7.14-11.el7_4
subversion         1.7.14-11.el7_4
subversion-devel   1.7.14-11.el7_4
subversion-gnome   1.7.14-11.el7_4
subversion-javahl  1.7.14-11.el7_4
subversion-kde     1.7.14-11.el7_4
subversion-libs    1.7.14-11.el7_4
subversion-perl    1.7.14-11.el7_4
subversion-python  1.7.14-11.el7_4
subversion-ruby    1.7.14-11.el7_4
subversion-tools   1.7.14-11.el7_4
Oracle Linux x86_64
mod_dav_svn        1.7.14-11.el7_4
subversion         1.7.14-11.el7_4
subversion-devel   1.7.14-11.el7_4
subversion-gnome   1.7.14-11.el7_4
subversion-javahl  1.7.14-11.el7_4
subversion-kde     1.7.14-11.el7_4
subversion-libs    1.7.14-11.el7_4
subversion-perl    1.7.14-11.el7_4
subversion-python  1.7.14-11.el7_4
subversion-ruby    1.7.14-11.el7_4
subversion-tools   1.7.14-11.el7_4
Related CVEs
Related vulnerabilities
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.