Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 414
Alerts This Week
Warning Icon 1 414

SUSE: 2017:2200-1 Important: Subversion DoS Issues Resolved

suse
Calendar Grey August 17, 2017
Dist Suse Esm H88
The recent update from SUSE for subversion resolves several security issues, implementing essential patches to enhance system safety.
An update that solves 12 vulnerabilities and has 7 fixes is An update that solves 12 vulnerabilities and has 7 fixes is An update that solves 12 vulnerabilities and has 7 fixes is ...

Summary

This update for subversion fixes the following issues: - CVE-2017-9800: A malicious, compromised server or MITM may cause svn client to execute arbitrary commands by sending repository content with svn:externals definitions pointing to crafted svn+ssh URLs. (bsc#1051362) - Malicious user may commit SHA-1 collisions and cause repository inconsistencies (bsc#1026936) - CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// could lead to denial of service (bsc#1011552) - CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm (bsc#976849) - CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check (bsc#976850)

References

#1011552 #1026936 #1051362 #897033 #909935

#911620 #916286 #923793 #923794 #923795 #939514

#939517 #942819 #958300 #969159 #976849 #976850

#977424 #983938

Cross- CVE-2014-3580 CVE-2014-8108 CVE-2015-0202

CVE-2015-0248 CVE-2015-0251 CVE-2015-3184

CVE-2015-3187 CVE-2015-5343 CVE-2016-2167

CVE-2016-2168 CVE-2016-8734 CVE-2017-9800

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Software Development Kit 12-SP2

https://www.suse.com/security/cve/CVE-2014-3580.html

https://www.suse.com/security/cve/CVE-2014-8108.html

https://www.suse.com/security/cve/CVE-2015-0202.html

https://www.suse.com/security/cve/CVE-2015-0248.html

https://www.suse.com/security/cve/CVE-2015-0251.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2200-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.