SUSE-SU-2024:4366-1

Опубликовано: 17 дек. 2024

Источник: suse-cvrf

Описание

Security update for subversion

This update for subversion fixes the following issues:

CVE-2024-46901: Fixed denial-of-service via control characters in paths in mod_dav_svn (bsc#1234317)

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP5

subversion-1.14.1-150400.5.3.1

subversion-devel-1.14.1-150400.5.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

subversion-1.14.1-150400.5.3.1

subversion-devel-1.14.1-150400.5.3.1

SUSE Linux Enterprise Module for Development Tools 15 SP5

subversion-bash-completion-1.14.1-150400.5.3.1

subversion-perl-1.14.1-150400.5.3.1

subversion-python-1.14.1-150400.5.3.1

subversion-tools-1.14.1-150400.5.3.1

SUSE Linux Enterprise Module for Development Tools 15 SP6

subversion-bash-completion-1.14.1-150400.5.3.1

subversion-perl-1.14.1-150400.5.3.1

subversion-python-1.14.1-150400.5.3.1

subversion-tools-1.14.1-150400.5.3.1

SUSE Linux Enterprise Module for Server Applications 15 SP5

subversion-server-1.14.1-150400.5.3.1

SUSE Linux Enterprise Module for Server Applications 15 SP6

subversion-server-1.14.1-150400.5.3.1

openSUSE Leap 15.5

libsvn_auth_gnome_keyring-1-0-1.14.1-150400.5.3.1

libsvn_auth_kwallet-1-0-1.14.1-150400.5.3.1

subversion-1.14.1-150400.5.3.1

subversion-bash-completion-1.14.1-150400.5.3.1

subversion-devel-1.14.1-150400.5.3.1

subversion-perl-1.14.1-150400.5.3.1

subversion-python-1.14.1-150400.5.3.1

subversion-ruby-1.14.1-150400.5.3.1

subversion-server-1.14.1-150400.5.3.1

subversion-tools-1.14.1-150400.5.3.1

openSUSE Leap 15.6

libsvn_auth_gnome_keyring-1-0-1.14.1-150400.5.3.1

libsvn_auth_kwallet-1-0-1.14.1-150400.5.3.1

subversion-1.14.1-150400.5.3.1

subversion-bash-completion-1.14.1-150400.5.3.1

subversion-devel-1.14.1-150400.5.3.1

subversion-perl-1.14.1-150400.5.3.1

subversion-python-1.14.1-150400.5.3.1

subversion-ruby-1.14.1-150400.5.3.1

subversion-server-1.14.1-150400.5.3.1

subversion-tools-1.14.1-150400.5.3.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20244366-1/
Link for SUSE-SU-2024:4366-1
https://lists.suse.com/pipermail/sle-security-updates/2024-December/020026.html
E-Mail link for SUSE-SU-2024:4366-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1234317
SUSE Bug 1234317
https://www.suse.com/security/cve/CVE-2024-46901/
SUSE CVE CVE-2024-46901 page

Описание

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP5:subversion-1.14.1-150400.5.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP5:subversion-devel-1.14.1-150400.5.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:subversion-1.14.1-150400.5.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:subversion-devel-1.14.1-150400.5.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-46901.html
CVE-2024-46901
https://bugzilla.suse.com/1234317
SUSE Bug 1234317

SUSE-SU-2024:4366-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP5

SUSE Linux Enterprise Module for Basesystem 15 SP6

SUSE Linux Enterprise Module for Development Tools 15 SP5

SUSE Linux Enterprise Module for Development Tools 15 SP6

SUSE Linux Enterprise Module for Server Applications 15 SP5

SUSE Linux Enterprise Module for Server Applications 15 SP6

openSUSE Leap 15.5

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-46901

Описание

Затронутые продукты

Ссылки