Description
Security update for subversion
Apache Subversion was updated to fix three vulnerabilities.
The following vulnerabilities were fixed:
- Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793 CVE-2015-0202)
- Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794 CVE-2015-0248)
- Subversion HTTP servers allowed spoofing of svn:author property values for new revisions. (bsc#923795 CVE-2015-0251)
Package list
SUSE Linux Enterprise Software Development Kit 12
References
- Link for SUSE-SU-2015:0776-1
- E-Mail link for SUSE-SU-2015:0776-1
- SUSE Security Ratings
- SUSE Bug 923793
- SUSE Bug 923794
- SUSE Bug 923795
- SUSE CVE CVE-2015-0202 page
- SUSE CVE CVE-2015-0248 page
- SUSE CVE CVE-2015-0251 page
Description
The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.
Affected products
References
- CVE-2015-0202
- SUSE Bug 923793
Description
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.
Affected products
References
- CVE-2015-0248
- SUSE Bug 923794
Description
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via crafted v1 HTTP protocol request sequences.
Affected products
References
- CVE-2015-0251
- SUSE Bug 923795