Description
Security update for subversion
This update fixes the following security issue:
CVE-2015-5343: Possible remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. (bnc#958300)
Package list
SUSE Linux Enterprise Software Development Kit 12
libsvn_auth_gnome_keyring-1-0-1.8.10-18.2
libsvn_auth_kwallet-1-0-1.8.10-18.2
subversion-1.8.10-18.2
subversion-bash-completion-1.8.10-18.2
subversion-devel-1.8.10-18.2
subversion-perl-1.8.10-18.2
subversion-python-1.8.10-18.2
subversion-server-1.8.10-18.2
subversion-tools-1.8.10-18.2
SUSE Linux Enterprise Software Development Kit 12 SP1
libsvn_auth_gnome_keyring-1-0-1.8.10-18.2
libsvn_auth_kwallet-1-0-1.8.10-18.2
subversion-1.8.10-18.2
subversion-bash-completion-1.8.10-18.2
subversion-devel-1.8.10-18.2
subversion-perl-1.8.10-18.2
subversion-python-1.8.10-18.2
subversion-server-1.8.10-18.2
subversion-tools-1.8.10-18.2
References
- Link for SUSE-SU-2016:0043-1
- E-Mail link for SUSE-SU-2016:0043-1
- SUSE Security Ratings
- SUSE Bug 958300
- SUSE CVE CVE-2015-5343 page
Description
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.
Affected products
SUSE Linux Enterprise Software Development Kit 12 SP1:libsvn_auth_gnome_keyring-1-0-1.8.10-18.2
SUSE Linux Enterprise Software Development Kit 12 SP1:libsvn_auth_kwallet-1-0-1.8.10-18.2
SUSE Linux Enterprise Software Development Kit 12 SP1:subversion-1.8.10-18.2
SUSE Linux Enterprise Software Development Kit 12 SP1:subversion-bash-completion-1.8.10-18.2
References
- CVE-2015-5343
- SUSE Bug 958300