Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:1161-1

Опубликовано: 12 апр. 2022
Источник: suse-cvrf

Описание

Security update for subversion

This update for subversion fixes the following issues:

  • CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used by Apache HTTP server. This could be exploited by a remote attacker to cause a denegation of service (bsc#1197940).
  • CVE-2021-28544: Fixed an information leak issue where Subversion servers may reveal the original path of files protected by path-based authorization (bsc#1197939).

Список пакетов

SUSE Enterprise Storage 6
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Enterprise Storage 7
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise Real Time 15 SP2
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise Server 15 SP1-BCL
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise Server 15 SP1-LTSS
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise Server 15 SP2-BCL
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise Server 15 SP2-LTSS
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise Server 15-LTSS
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise Server for SAP Applications 15
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Manager Proxy 4.1
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Manager Retail Branch Server 4.1
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1
SUSE Manager Server 4.1
subversion-1.10.6-150000.3.21.1
subversion-bash-completion-1.10.6-150000.3.21.1
subversion-devel-1.10.6-150000.3.21.1
subversion-perl-1.10.6-150000.3.21.1
subversion-python-1.10.6-150000.3.21.1
subversion-server-1.10.6-150000.3.21.1
subversion-tools-1.10.6-150000.3.21.1

Ссылки

Описание

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.

Затронутые продукты
SUSE Enterprise Storage 6:subversion-1.10.6-150000.3.21.1
SUSE Enterprise Storage 6:subversion-bash-completion-1.10.6-150000.3.21.1
SUSE Enterprise Storage 6:subversion-devel-1.10.6-150000.3.21.1
SUSE Enterprise Storage 6:subversion-perl-1.10.6-150000.3.21.1
Ссылки

Описание

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.

Затронутые продукты
SUSE Enterprise Storage 6:subversion-1.10.6-150000.3.21.1
SUSE Enterprise Storage 6:subversion-bash-completion-1.10.6-150000.3.21.1
SUSE Enterprise Storage 6:subversion-devel-1.10.6-150000.3.21.1
SUSE Enterprise Storage 6:subversion-perl-1.10.6-150000.3.21.1
Ссылки