Security: Multiple issues in Subversion

Name: Multiple issues in Subversion
ID: USN-3388-1
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.04
Date: Fri, August 11, 2017, 09:31
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9800
Applications: Subversion

Original message
==========================================================================
Ubuntu Security Notice USN-3388-1
August 11, 2017

subversion vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description:
- subversion: Advanced version control system
Details:
Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. (CVE-2017-9800)
Daniel Shahaf and James McCoy discovered that Subversion did not properly verify realms when using Cyrus SASL authentication. A remote attacker could use this to possibly bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2167)
Florian Weimer discovered that Subversion clients did not properly restrict XML entity expansion when accessing http(s):// URLs. A remote attacker could use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8734)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04:
  libsvn1 1.9.5-1ubuntu1.1
  subversion 1.9.5-1ubuntu1.1

Ubuntu 16.04 LTS:
  libapache2-mod-svn 1.9.3-2ubuntu1.1
  libapache2-svn 1.9.3-2ubuntu1.1
  libsvn1 1.9.3-2ubuntu1.1
  subversion 1.9.3-2ubuntu1.1

Ubuntu 14.04 LTS:
  libapache2-mod-svn 1.8.8-1ubuntu3.3
  libapache2-svn 1.8.8-1ubuntu3.3
  libsvn1 1.8.8-1ubuntu3.3
  subversion 1.8.8-1ubuntu3.3
In general, a standard system update will make all the necessary changes.
References:
  https://www.ubuntu.com/usn/usn-3388-1
  CVE-2016-2167, CVE-2016-8734, CVE-2017-9800

Package Information:
  https://launchpad.net/ubuntu/+source/subversion/1.9.5-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/subversion/1.9.3-2ubuntu1.1
  https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.3
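A check for the fixed versions listed under "Update instructions", as an added example that is not part of the advisory: it compares `dpkg-query` output against those versions with a re-implementation of dpkg's version ordering. The function names and the sample package list are constructed for illustration.

```python
import re

# Fixed versions copied from the "Update instructions" section of USN-3388-1.
_ALL = ("libapache2-mod-svn", "libapache2-svn", "libsvn1", "subversion")
FIXED = {
    "17.04": {p: "1.9.5-1ubuntu1.1" for p in ("libsvn1", "subversion")},
    "16.04": {p: "1.9.3-2ubuntu1.1" for p in _ALL},
    "14.04": {p: "1.8.8-1ubuntu3.3" for p in _ALL},
}

def _order(c):  # dpkg ordering: '~' < end of string < letters < other symbols
    return -1 if c == "~" else 0 if c == "" else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, the way dpkg does.
    while a or b:
        (na, da), (nb, db) = (re.match(r"(\D*)(\d*)", s).groups() for s in (a, b))
        a, b = a[len(na) + len(da):], b[len(nb) + len(db):]
        n = max(len(na), len(nb))
        ka = [_order(na[i:i + 1]) for i in range(n)] + [int(da or 0)]
        kb = [_order(nb[i:i + 1]) for i in range(n)] + [int(db or 0)]
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if sep else (int(epoch), rest, "")

def deb_cmp(v1, v2):
    """Return -1, 0 or 1, ordering two Debian version strings."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(release, dpkg_output):
    """Installed USN-3388-1 packages still below the fixed version."""
    rows = (line.split() for line in dpkg_output.splitlines())
    installed = {r[0]: r[1] for r in rows if len(r) == 2}
    return sorted(p for p, fixed in FIXED[release].items()
                  if p in installed and deb_cmp(installed[p], fixed) < 0)

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE = "libsvn1 1.9.3-2ubuntu1\nsubversion 1.9.3-2ubuntu1.1\ngit 1:2.7.4-0ubuntu1\n"
```

On a real host, pass the captured `dpkg-query` output and the release number to `unpatched`; an empty list means every installed package named in the advisory is at or above its fixed version.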