Multiple issues in Subversion
ID: | USN-2316-1 |
Distribution: | Ubuntu |
Platforms: | Ubuntu 12.04 LTS, Ubuntu 14.04 LTS |
Date: | Fri, 15 August 2014, 07:56 |
References: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528 |
Applications: | Subversion |
Original message |
|
==========================================================================
Ubuntu Security Notice USN-2316-1
August 14, 2014

subversion vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Subversion.

Software Description:
- subversion: Advanced version control system

Details:

Lieven Govaerts discovered that the Subversion mod_dav_svn module
incorrectly handled certain request methods when SVNListParentPath was
enabled. A remote attacker could use this issue to cause the server to
crash, resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS. (CVE-2014-0032)

Ben Reser discovered that Subversion did not correctly validate SSL
certificates containing wildcards. A remote attacker could exploit this to
perform a man in the middle attack to view sensitive information or alter
encrypted communications. (CVE-2014-3522)

Bert Huijben discovered that Subversion did not properly handle cached
credentials. A malicious server could possibly use this issue to obtain
credentials cached for a different server. (CVE-2014-3528)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  libsvn1                         1.8.8-1ubuntu3.1
  subversion                      1.8.8-1ubuntu3.1

Ubuntu 12.04 LTS:
  libapache2-svn                  1.6.17dfsg-3ubuntu3.4
  libsvn1                         1.6.17dfsg-3ubuntu3.4
  subversion                      1.6.17dfsg-3ubuntu3.4

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2316-1
  CVE-2014-0032, CVE-2014-3522, CVE-2014-3528

Package Information:
  https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.1
  https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.4
|
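To confirm that hosts have reached the package versions listed under "Update instructions", installed versions have to be compared with Debian version ordering, not as plain strings. The following is an added example, not part of the notice or of Ubuntu's tooling: it implements that ordering and flags inventory rows that are still below the fixed version. The host names, the inventory layout and the installed versions in `SAMPLE` are constructed assumptions.

```python
import re
# Fixed versions copied from the "Update instructions" of USN-2316-1.
FIXED = {
    "14.04": {"libsvn1": "1.8.8-1ubuntu3.1", "subversion": "1.8.8-1ubuntu3.1"},
    "12.04": dict.fromkeys(("libapache2-svn", "libsvn1", "subversion"),
                           "1.6.17dfsg-3ubuntu3.4"),
}

def _order(c):
    """dpkg character weight: '~' < end of string < letters < anything else."""
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare one upstream-version or revision string the way dpkg orders them."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: character by character, weighted by _order().
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        # Digit run: numeric comparison, so "10" sorts after "8".
        da, db = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
        i, j = i + len(da), j + len(db)
    return 0

def deb_compare(a, b):
    """Return -1, 0 or 1 for version strings of the form [epoch:]upstream[-revision]."""
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), (rev if sep else "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    """Rows whose installed version sorts before the fix for that release."""
    return [r for r in inventory if r[2] in FIXED.get(r[1], {})
            and deb_compare(r[3], FIXED[r[1]][r[2]]) < 0]
# Constructed sample rows: (host, Ubuntu release, package, installed version).
SAMPLE = [("svn-a", "14.04", "subversion", "1.8.8-1ubuntu3"),
          ("svn-b", "12.04", "libapache2-svn", "1.6.17dfsg-3ubuntu3.3"),
          ("svn-c", "14.04", "subversion", "1.8.10-1ubuntu1")]
```

`unpatched(SAMPLE)` returns the rows for `svn-a` and `svn-b`; the `svn-c` row sorts after the fix because its upstream component 10 is compared numerically with 8, which a plain string comparison would get wrong.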