Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 744
Alerts This Week
Warning Icon 1 744

Ubuntu 20.04 LTS USN-5445-1 Moderate: Subversion Denial Of Service

ubuntu
Calendar Grey May 26, 2022
Dist Ubuntu Esm H88
Tackling various Subversion security vulnerabilities in Ubuntu 18.04 and 20.04 LTS versions through necessary updates.
Several security issues were fixed in subversion.

Summary

Several security issues were fixed in subversion.

Software Description:

- subversion: Advanced version control system

Details:

Ace Olszowka discovered that Subversion incorrectly handled certain

svnserve requests. A remote attacker could possibly use this issue to cause

svnserver to crash, resulting in a denial of service. This issue only

affected Ubuntu 18.04 LTS. (CVE-2018-11782)

Tomas Bortoli discovered that Subversion incorrectly handled certain

svnserve requests. A remote attacker could possibly use this issue to cause

svnserver to crash, resulting in a denial of service. This issue only

affected Ubuntu 18.04 LTS. (CVE-2019-0203)

Thomas Åkesson discovered that Subversion incorrectly handled certain

inputs. An attacker could possibly use this issue to cause a denial of

service. (CVE-2020-17525)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  libapache2-mod-svn              1.13.0-3ubuntu0.2
  libsvn1                         1.13.0-3ubuntu0.2
  subversion                      1.13.0-3ubuntu0.2

Ubuntu 18.04 LTS:
  libapache2-mod-svn              1.9.7-4ubuntu1.1
  libsvn1                         1.9.7-4ubuntu1.1
  subversion                      1.9.7-4ubuntu1.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5445-1

CVE-2018-11782, CVE-2019-0203, CVE-2020-17525

May 26, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.