SUSE-SU-2025:0871-1

Опубликовано: 14 мар. 2025

Источник: suse-cvrf

Описание

Security update for subversion

This update for subversion fixes the following issues:

CVE-2024-46901: Fixed mod_dav_svn denial-of-service via control characters in paths (bsc#1234317)

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

subversion-devel-1.10.6-3.9.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250871-1/
Link for SUSE-SU-2025:0871-1
https://lists.suse.com/pipermail/sle-security-updates/2025-March/020521.html
E-Mail link for SUSE-SU-2025:0871-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1234317
SUSE Bug 1234317
https://www.suse.com/security/cve/CVE-2024-46901/
SUSE CVE CVE-2024-46901 page

Описание

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.

Затронутые продукты

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:subversion-devel-1.10.6-3.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-46901.html
CVE-2024-46901
https://bugzilla.suse.com/1234317
SUSE Bug 1234317

SUSE-SU-2025:0871-1

Описание

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Ссылки

Уязвимость: CVE-2024-46901

Описание

Затронутые продукты

Ссылки