Security: Multiple issues in Subversion
Name: Multiple issues in Subversion
ID: USN-2316-1
Distribution: Ubuntu
Platforms: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS
Date: Fri, 15 August 2014, 07:56
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528
Applications: Subversion
Original message
==========================================================================
Ubuntu Security Notice USN-2316-1
August 14, 2014
subversion vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description:
- subversion: Advanced version control system
Details:
Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-0032)
Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3522)
Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server. (CVE-2014-3528)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS:
  libsvn1 1.8.8-1ubuntu3.1
  subversion 1.8.8-1ubuntu3.1
Ubuntu 12.04 LTS:
  libapache2-svn 1.6.17dfsg-3ubuntu3.4
  libsvn1 1.6.17dfsg-3ubuntu3.4
  subversion 1.6.17dfsg-3ubuntu3.4
In general, a standard system update will make all the necessary changes.
References:
  http://www.ubuntu.com/usn/usn-2316-1
  CVE-2014-0032, CVE-2014-3522, CVE-2014-3528
Package Information:
  https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.1
  https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.4