Описание
Security update for subversion
This update for subversion fixes the following issues:
- CVE-2020-17525: A null-pointer-dereference has been found in mod_authz_svn that results in a remote unauthenticated Denial-of-Service in some server configurations (bsc#1181687).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.2
libsvn_auth_gnome_keyring-1-0-1.10.6-lp152.2.9.1
libsvn_auth_kwallet-1-0-1.10.6-lp152.2.9.1
subversion-1.10.6-lp152.2.9.1
subversion-bash-completion-1.10.6-lp152.2.9.1
subversion-devel-1.10.6-lp152.2.9.1
subversion-perl-1.10.6-lp152.2.9.1
subversion-python-1.10.6-lp152.2.9.1
subversion-python-ctypes-1.10.6-lp152.2.9.1
subversion-ruby-1.10.6-lp152.2.9.1
subversion-server-1.10.6-lp152.2.9.1
subversion-tools-1.10.6-lp152.2.9.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0280-1
- SUSE Security Ratings
- SUSE Bug 1181687
- SUSE CVE CVE-2020-17525 page
Описание
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
Затронутые продукты
openSUSE Leap 15.2:libsvn_auth_gnome_keyring-1-0-1.10.6-lp152.2.9.1
openSUSE Leap 15.2:libsvn_auth_kwallet-1-0-1.10.6-lp152.2.9.1
openSUSE Leap 15.2:subversion-1.10.6-lp152.2.9.1
openSUSE Leap 15.2:subversion-bash-completion-1.10.6-lp152.2.9.1
Ссылки
- CVE-2020-17525
- SUSE Bug 1181687