Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
98
security advisorysubversionupdateRed Hat: RHSA-2021:0508-01 Important: Subversion Denial Of Service
An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: subversion:1.10 security update Advisory ID: RHSA-2021:0508-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0508 Issue date: 2021-02-15 CVE Names: CVE-2020-17525 ==================================================================== 1. Summary: An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix(es): * subversion: Remote unauthenticated denial of service in mod_authz_svn (CVE-2020-17525) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, for the update totake effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. 5. Bugs fixed (https://bugzilla.redhat.com/): 1922303 - CVE-2020-17525 subversion: Remote unauthenticated denial of service in mod_authz_svn 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.8.2): Source: libserf-1.3.9-9.module+el8.2.0+9887+08558108.src.rpm subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.src.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.src.rpm aarch64: libserf-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm mod_dav_svn-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm mod_dav_svn-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-debugsource-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-devel-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-devel-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-gnome-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-gnome-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-libs-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-libs-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-perl-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-perl-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-tools-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-tools-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm noarch: subversion-javahl-1.10.2-2.module+el8.2.0+9887+08558108.1.noarch.rpm ppc64le: libserf-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm mod_dav_svn-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm mod_dav_svn-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-debugsource-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-devel-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-devel-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-gnome-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-gnome-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-libs-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-libs-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-perl-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-perl-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-tools-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-tools-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm s390x: libserf-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm mod_dav_svn-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm mod_dav_svn-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-debugsource-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-devel-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-devel-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-gnome-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-gnome-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-libs-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-libs-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-perl-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-perl-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-tools-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-tools-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm x86_64: libserf-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm mod_dav_svn-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm mod_dav_svn-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-debugsource-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-devel-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-devel-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-gnome-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-gnome-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-libs-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-libs-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-perl-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-perl-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-tools-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-tools-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm Thesepackages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-17525 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYColqdzjgjWX9erEAQiiRw//TJPiOaI4zGJNe3l0gcV3wXzszp3xk1zv 0pZ0vIvTSWIFU0i/8w900zow9Uezwu2UDSEaE+DtTovQP0SES/l11nb98WBbJW/w 5UohRmx1dWhnwRlN4kfDF5/KXUCUU6WfNQdsHD6uZm12exHOpID3wW6TiWR63BYE b88oE9rRGPSwnJUx6VK21EeyKz3gP34gQdp8mO/CxbQV0cwAHQvlL7nedc9ALIFt cY8HhkS80ne0IezWSceQoDlu9x+3jfmfPclPRyi/J6zwvNn5HaMGRgGpSoPBY3WZ A6b/WHJzlEHJSlJfavqRvnM4BTkI9V6e7eQaBYVzqCftXunaJoCukdNC26H4VCZx ujFlXdnqzgTPU4sHPnOXZ51IAXxTw6Ax8jkxcyEvtPa8M7/zilyHu+aI/b1s2XMc X7oUpUuis5kGiSyke7L66FpTTqy5EOeVG5D01MYGZMG7BHQTMpfnCeBt5CqfPaDg 9JmTFn58qh71kjD086xB2PcIg6sVrFSQVjlX0W43VefRqEJlPqaEa1DyHToOslW7 1YPtlAwoVBY/7TLXy+ux+QqzEDAPTDCD/9iY5Lvr90OHeeOA9Vpcgo1x1BG3vyAr xWOZczDosZk8hSqr5GNkx3nXRDhWJkxZuoe9uB6K0r6Y8LldhzOj8EgmUzg9odxa OlKnD2X9da0=K/qI -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 15, 2021
•Important
Red Hat
89
security advisorycriticalsoftware updateFedora 32: FEDORA-2020-d8bc3a9874 Critical: perl-Convert-ASN1 Remote Threat
Security fix for CVE-2013-7488. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-d8bc3a9874 2020-12-02 10:39:53.044515 --------------------------------------------------------------------------------Name : perl-Convert-ASN1 Product : Fedora 32 Version : 0.27 Release : 19.fc32 URL : https://metacpan.org/dist/Convert-ASN1 Summary : ASN.1 encode/decode library Description : Convert::ASN1 encodes and decodes ASN.1 data structures using BER/DER rules. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2013-7488 --------------------------------------------------------------------------------ChangeLog: * Mon Nov 23 2020 Jitka Plesnikova - 0.27-19 - Fix unsafe decoding in indef case (CVE-2013-7488) --------------------------------------------------------------------------------References: [ 1 ] Bug #1821879 - CVE-2013-7488 perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input https://bugzilla.redhat.com/show_bug.cgi?id=1821879 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-d8bc3a9874' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Dec 02, 2020
•Critical
Fedora
91
security advisoryhigh severitygentooGentoo: GLSA 202003-49 High: BlueZ Security Bypass Threat
A vulnerability in BlueZ might allow remote attackers to bypass security restrictions.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-49 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: BlueZ: Security bypass Date: March 25, 2020 Bugs: #712292 ID: 202003-49 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in BlueZ might allow remote attackers to bypass security restrictions. Background ========= Set of tools to manage Bluetooth devices for Linux. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-wireless/bluez < 5.54 > = 5.54 Description ========== It was discovered that the HID and HOGP profiles implementations in BlueZ did not specifically require bonding between the device and the host. Impact ===== A remote attacker with adjacent access could impersonate an existing HID device, cause a Denial of Service condition or escalate privileges. Workaround ========= There is no known workaround at this time. Resolution ========= All BlueZ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-wireless/bluez-5.54" References ========= [ 1 ] CVE-2020-0556 https://nvd.nist.gov/vuln/detail/CVE-2020-0556 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-49 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality andsecurity of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Mar 25, 2020
Gentoo
198
security advisorynetwork securitymedium severityArch Linux: ASA-202310-1 Medium: Libusbmuxd Security Flaw
The package libusbmuxd before version 1.0.10-2 is vulnerable to access restriction bypass. . Arch Linux Security Advisory ASA-201706-5 ======================================== Severity: Medium Date : 2017-06-05 CVE-ID : CVE-2016-5104 Package : libusbmuxd Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-7 Summary ====== The package libusbmuxd before version 1.0.10-2 is vulnerable to access restriction bypass. Resolution ========= Upgrade to 1.0.10-2. # pacman -Syu "libusbmuxd> =1.0.10-2" The problem has been fixed upstream but no release is available yet. Workaround ========= None. Description ========== The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers on the local network to bypass intended access restrictions and communicate with services on affected devices by connecting to an IPv4 TCP socket. Impact ===== A remote attacker is able to interact with a USB-connected device by connecting to a IPv4 TCP socket. References ========= https://gitlab.archlinux.org/explore/groups https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196 http://www.openwall.com/lists/oss-security/2016/05/26/6 https://security.archlinux.org/CVE-2016-5104 . Debian security notice regarding libusbmuxd privilege escalation. Update to version 1.0.10-2 to address moderate severity vulnerabilities.. libusbmuxd Access Bypass, Arch Linux Advisory, Remote Access Threats. . Severity: Medium. LinuxSecurity.com Team
Jun 05, 2017
•Medium
ArchLinux
198
security advisoryhigh severitymultiple issuesArch Linux: ASA-201606-5 High Severity: Chromium Remote Risk
The package chromium before version 51.0.2704.79-1 is vulnerable to multiple issues. . Arch Linux Security Advisory ASA-201606-5 ======================================== Severity: High Date : 2016-06-05 CVE-ID : CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 CVE-2016-1701 CVE-2016-1702 CVE-2016-1703 Package : chromium Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package chromium before version 51.0.2704.79-1 is vulnerable to multiple issues. Resolution ========= Upgrade to 51.0.2704.79-1. # pacman -Syu "chromium> =51.0.2704.79-1" The problems have been fixed upstream in version 51.0.2704.79. Workaround ========= None. Description ========== - CVE-2016-1696 (cross-origin bypass): Cross-origin bypass in Extension bindings. Credit to anonymous. - CVE-2016-1697 (cross-origin bypass): Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1698 (information leakage): Information leak in Extension bindings. Credit to Rob Wu. - CVE-2016-1699 (parameter sanitization failure): Parameter sanitization failure in DevTools. Credit to Gregory Panakkal. - CVE-2016-1700 (use-after-free): Use-after-free in Extensions. Credit to Rob Wu. - CVE-2016-1701 (use-after-free): Use-after-free in Autofill. Credit to Rob Wu. - CVE-2016-1702 (out-of-bounds read): Out-of-bounds read in Skia. Credit to cloudfuzzer. - CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives. Impact ===== A remote attacker can access sensitive information, bypass cross-origin restrictions, cause a denial of service or possibly execute arbitrary code on the affectedhost. References ========= https://chromereleases.googleblog.com/2016/06/stable-channel-update.html https://access.redhat.com/security/cve/CVE-2016-1696 https://access.redhat.com/security/cve/CVE-2016-1697 https://access.redhat.com/security/cve/CVE-2016-1698 https://access.redhat.com/security/cve/CVE-2016-1699 https://access.redhat.com/security/cve/CVE-2016-1700 https://access.redhat.com/security/cve/CVE-2016-1701 https://access.redhat.com/security/cve/CVE-2016-1702 https://access.redhat.com/security/cve/CVE-2016-1703 . The recent security notice ASA-202309-7 for Arch Linux regarding firefox points out critical vulnerabilities that mandate an immediate update.. Arch Linux, Chromium Issues, Software Upgrade, Security Threats. . LinuxSecurity.com Team
Jun 05, 2016
ArchLinux
91
security advisorynormal severityremote access threatGentoo: GLSA-201507-18 Normal: Chromium Remote Bypass Threat
Multiple vulnerabilities have been found in Chromium allowing remote attackers to bypass security restrictions.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201507-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: July 10, 2015 Bugs: #552904 ID: 201507-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in Chromium allowing remote attackers to bypass security restrictions. Background ========= Chromium is an open-source web browser project. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 43.0.2357.130 > = 43.0.2357.130 Description ========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact ===== A remote attacker could bypass security restrictions. Workaround ========= There is no known workaround at this time. Resolution ========= All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "> =www-client/chromium-43.0.2357.130" References ========= [ 1 ] CVE-2015-1266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1266 [ 2 ] CVE-2015-1267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1267 [ 3 ] CVE-2015-1268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1268 [ 4 ] CVE-2015-1269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1269 Availability =========== This GLSA and any updates to it are availablefor viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201507-18 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jul 10, 2015
Gentoo
200
security advisorymoderate severityupdate instructionsScientific Linux: SLSA-2015:0165-1 Moderate: Subversion Remote Threat
Moderate: subversion security update. Date: Wed, 11 Feb 2015 14:51:37 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Moderate: subversion on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: subversion security update Advisory ID: SLSA-2015:0165-1 Issue Date: 2015-02-10 CVE Numbers: CVE-2014-3528 CVE-2014-3580 -- A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. -- SL6 x86_64 mod_dav_svn-1.6.11-12.el6_6.x86_64.rpm subversion-1.6.11-12.el6_6.i686.rpm subversion-1.6.11-12.el6_6.x86_64.rpm subversion-debuginfo-1.6.11-12.el6_6.i686.rpm subversion-debuginfo-1.6.11-12.el6_6.x86_64.rpm subversion-devel-1.6.11-12.el6_6.i686.rpm subversion-devel-1.6.11-12.el6_6.x86_64.rpm subversion-gnome-1.6.11-12.el6_6.i686.rpm subversion-gnome-1.6.11-12.el6_6.x86_64.rpm subversion-javahl-1.6.11-12.el6_6.i686.rpm subversion-javahl-1.6.11-12.el6_6.x86_64.rpm subversion-kde-1.6.11-12.el6_6.i686.rpm subversion-kde-1.6.11-12.el6_6.x86_64.rpm subversion-perl-1.6.11-12.el6_6.i686.rpm subversion-perl-1.6.11-12.el6_6.x86_64.rpm subversion-ruby-1.6.11-12.el6_6.i686.rpm subversion-ruby-1.6.11-12.el6_6.x86_64.rpm i386 mod_dav_svn-1.6.11-12.el6_6.i686.rpm subversion-1.6.11-12.el6_6.i686.rpm subversion-debuginfo-1.6.11-12.el6_6.i686.rpm subversion-devel-1.6.11-12.el6_6.i686.rpm subversion-gnome-1.6.11-12.el6_6.i686.rpm subversion-javahl-1.6.11-12.el6_6.i686.rpm subversion-kde-1.6.11-12.el6_6.i686.rpm subversion-perl-1.6.11-12.el6_6.i686.rpm subversion-ruby-1.6.11-12.el6_6.i686.rpm noarch subversion-svn2cl-1.6.11-12.el6_6.noarch.rpm - Scientific Linux Development Team . A mild security patch for Subversion rectifies vulnerabilities related to remote access and necessitates service reboots post-installation.. Subversion Update, Security Advisory, Scientific Linux, Remote Threat, Software Vulnerability. . Severity: Important. LinuxSecurity.com Team
Feb 11, 2015
•Important
Scientific Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!