Описание
Security update for subversion
This update for subversion fixes the following issues:
- CVE-2020-17525: A null-pointer-dereference has been found in mod_authz_svn that results in a remote unauthenticated Denial-of-Service in some server configurations (bsc#1181687).
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP5
libsvn_auth_gnome_keyring-1-0-1.10.6-3.3.1
subversion-1.10.6-3.3.1
subversion-bash-completion-1.10.6-3.3.1
subversion-devel-1.10.6-3.3.1
subversion-perl-1.10.6-3.3.1
subversion-python-1.10.6-3.3.1
subversion-server-1.10.6-3.3.1
subversion-tools-1.10.6-3.3.1
Ссылки
- Link for SUSE-SU-2021:0424-1
- E-Mail link for SUSE-SU-2021:0424-1
- SUSE Security Ratings
- SUSE Bug 1181687
- SUSE CVE CVE-2020-17525 page
Описание
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:libsvn_auth_gnome_keyring-1-0-1.10.6-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:subversion-1.10.6-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:subversion-bash-completion-1.10.6-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:subversion-devel-1.10.6-3.3.1
Ссылки
- CVE-2020-17525
- SUSE Bug 1181687