Description
Security update for subversion
This update for subversion fixes the following issues:
- CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used by Apache HTTP server. This could be exploited by a remote attacker to cause a denial of service (bsc#1197940).
- CVE-2021-28544: Fixed an information leak issue where Subversion servers may reveal the original path of files protected by path-based authorization (bsc#1197939).
Package list
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Development Tools 15 SP3
SUSE Linux Enterprise Module for Server Applications 15 SP3
openSUSE Leap 15.3
References
- Link for SUSE-SU-2022:1162-1
- E-Mail link for SUSE-SU-2022:1162-1
- SUSE Security Ratings
- SUSE Bug 1197939
- SUSE Bug 1197940
- SUSE CVE CVE-2021-28544 page
- SUSE CVE CVE-2022-24070 page
Description
Apache Subversion SVN authz protected copyfrom paths regression
Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.
Affected products
References
- CVE-2021-28544
- SUSE Bug 1197939
Description
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive) are affected. Servers that do not use mod_dav_svn are not affected.
Affected products
References
- CVE-2022-24070
- SUSE Bug 1197940