Description
Security update for subversion
This update fixes the following security issues:
- CVE-2015-5343: Possible remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. (bsc#958300)
- CVE-2015-3184: mod_authz_svn information leak in mixed anonymous/authenticated httpd (dav) configurations (bsc#939514)
- CVE-2015-3187: hidden paths leaked by path-based authz (bsc#939517)
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2015:2363-1
- SUSE Security Ratings
Description
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.
Affected products
References
- CVE-2015-3184
- SUSE Bug 938723
- SUSE Bug 939514
- SUSE Bug 939516
Description
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
Affected products
References
- CVE-2015-3187
- SUSE Bug 939517
Description
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.
Affected products
References
- CVE-2015-5343
- SUSE Bug 958300