Описание
Security update for subversion
This update for subversion fixes the following issues:
-
CVE-2017-9800: A malicious, compromised server or MITM may cause svn client to execute arbitrary commands by sending repository content with svn:externals definitions pointing to crafted svn+ssh URLs. (bsc#1051362)
-
Malicious user may commit SHA-1 collisions and cause repository inconsistencies (bsc#1026936)
-
CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// could lead to denial of service (bsc#1011552)
-
CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm (bsc#976849)
-
CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check (bsc#976850)
-
mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm (bsc#977424)
-
make the subversion package conflict with KWallet and Gnome Keyring packages with do not require matching subversion versions in SLE 12 and openSUSE Leap 42.1 and thus break the main package upon partial upgrade. (bsc#969159)
-
CVE-2015-5343: Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. (bsc#958300)
-
Avoid recommending 180+ new pkgs for installation on minimal setup due subversion-password-store (bsc#942819)
-
CVE-2015-3184: mod_authz_svn: mixed anonymous/authenticated httpd (dav) configurations could lead to information leak (bsc#939514)
-
CVE-2015-3187: do not leak paths that were hidden by path-based authz (bsc#939517)
-
CVE-2015-0202: Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793)
-
CVE-2015-0248: Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794)
-
CVE-2015-0251: Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795)
-
fix sample configuration comments in subversion.conf (bsc#916286)
-
fix sysconfig file generation (bsc#911620)
-
CVE-2014-3580: mod_dav_svn invalid REPORT requests could lead to denial of service (bsc#909935)
-
CVE-2014-8108: mod_dav_svn use of invalid transaction names could lead to denial of service (bsc#909935)
-
INSTALL#SQLite says 'Subversion 1.8 requires SQLite version 3.7.12 or above'; therefore I lowered the sqlite requirement to make the subversion run on older system versions, tooi. [bsc#897033]
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
Ссылки
- Link for SUSE-SU-2017:2200-1
- E-Mail link for SUSE-SU-2017:2200-1
- SUSE Security Ratings
- SUSE Bug 1011552
- SUSE Bug 1026936
- SUSE Bug 1051362
- SUSE Bug 897033
- SUSE Bug 909935
- SUSE Bug 911620
- SUSE Bug 916286
- SUSE Bug 923793
- SUSE Bug 923794
- SUSE Bug 923795
- SUSE Bug 939514
- SUSE Bug 939517
- SUSE Bug 942819
- SUSE Bug 958300
- SUSE Bug 969159
- SUSE Bug 976849
- SUSE Bug 976850
Описание
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.
Затронутые продукты
Ссылки
- CVE-2014-3580
- SUSE Bug 909935
- SUSE Bug 910376
Описание
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.
Затронутые продукты
Ссылки
- CVE-2014-8108
- SUSE Bug 909935
Описание
The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.
Затронутые продукты
Ссылки
- CVE-2015-0202
- SUSE Bug 923793
Описание
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.
Затронутые продукты
Ссылки
- CVE-2015-0248
- SUSE Bug 923794
Описание
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.
Затронутые продукты
Ссылки
- CVE-2015-0251
- SUSE Bug 923795
Описание
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.
Затронутые продукты
Ссылки
- CVE-2015-3184
- SUSE Bug 938723
- SUSE Bug 939514
- SUSE Bug 939516
Описание
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
Затронутые продукты
Ссылки
- CVE-2015-3187
- SUSE Bug 939517
Описание
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2015-5343
- SUSE Bug 958300
Описание
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.
Затронутые продукты
Ссылки
- CVE-2016-2167
- SUSE Bug 976849
Описание
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.
Затронутые продукты
Ссылки
- CVE-2016-2168
- SUSE Bug 976850
Описание
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.
Затронутые продукты
Ссылки
- CVE-2016-8734
- SUSE Bug 1011552
Описание
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
Затронутые продукты
Ссылки
- CVE-2017-9800
- SUSE Bug 1051362
- SUSE Bug 1052481
- SUSE Bug 1052696
- SUSE Bug 1052932
- SUSE Bug 1053364
- SUSE Bug 1054653
- SUSE Bug 1066430
- SUSE Bug 1071709
- SUSE Bug 1128150