drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in Subversion
Name: |
Denial of Service in Subversion |
|
ID: |
DSA-3107-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy |
|
Datum: |
So, 21. Dezember 2014, 10:26 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580 |
|
Applikationen: |
Subversion |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3107-1 security@debian.org http://www.debian.org/security/ Florian Weimer December 20, 2014 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : subversion CVE ID : CVE-2014-3580 Debian Bug : 773263
Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service.
For the stable distribution (wheezy), this problem has been fixed in version 1.6.17dfsg-4+deb7u7.
For the unstable distribution (sid), this problem has been fixed in version 1.8.10-5.
We recommend that you upgrade your subversion packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJUlcb3AAoJEL97/wQC1SS+MbYIAKE5phOjZkRQRFmmzGfgpens RpM+I2mBJ1ghvHvd+3CIQsBjtIuzxgih+ekUYQ8YP5dOB1erV4cI3zMbjnv1x4ZC ZxLxDNfPGQ3xmBNwAXT+ohkVturBrqZpvxz/vR4ms77mvOHo4Zm1r/WWHgs19Cnm WgNGXTCz59HXmzFhsrmwWA0Ojr8lBEbr9t4hKeciq4QAdaMjvYoZhi9KaUMJh1K5 4ntIBP/KdaqlCTCb46w1QqG/bJ6lHv89DGX9GbKpM1PNCI6ejyVnU0CmEovDPTLs evr91+DzT3CTTPOvGxeabcrhxun/xeNPdcxdwuayEHzx7OGU1OvhdFW6j/XIecU= =3nn5 -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/87h9wqgor7.fsf@mid.deneb.enyo.de
|
|
|
|