Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

Ubuntu 21.10, 20.04 LTS: USN-5372-1 Moderate Subversion Issues

ubuntu
Calendar Grey April 12, 2022
Dist Ubuntu Esm H88
Critical Subversion flaws addressed in Ubuntu impacting various versions. Important updates to resolve security concerns detailed herein.
Several security issues were fixed in Subversion.

Summary

Several security issues were fixed in Subversion.

Software Description:

- subversion: Advanced version control system

Details:

Evgeny Kotkov discovered that Subversion servers did not properly follow

path-based authorization rules in certain cases. An attacker could

potentially use this issue to retrieve information about private paths.

(CVE-2021-28544)

Thomas Weißschuh discovered that Subversion servers did not properly handle

memory in certain configurations. A remote attacker could potentially use

this issue to cause a denial of service or other unspecified impact.

(CVE-2022-24070)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  libapache2-mod-svn              1.14.1-3ubuntu0.1
  libsvn-java                     1.14.1-3ubuntu0.1
  libsvn-perl                     1.14.1-3ubuntu0.1
  libsvn1                         1.14.1-3ubuntu0.1
  python3-subversion              1.14.1-3ubuntu0.1
  ruby-svn                        1.14.1-3ubuntu0.1
  subversion                      1.14.1-3ubuntu0.1
  subversion-tools                1.14.1-3ubuntu0.1

Ubuntu 20.04 LTS:
  libapache2-mod-svn              1.13.0-3ubuntu0.1
  libsvn-java                     1.13.0-3ubuntu0.1
  libsvn-perl                     1.13.0-3ubuntu0.1
  libsvn1                         1.13.0-3ubuntu0.1
  python-subversion               1.13.0-3ubuntu0.1
  ruby-svn                        1.13.0-3ubuntu0.1
  subversion                      1.13.0-3ubuntu0.1
  subversion-tools                1.13.0-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5372-1

CVE-2021-28544, CVE-2022-24070

Severity
important
Lowest
Low
Medium
High
Critical

April 12, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.