Bug 33285 - subversion: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 3.2
Hardware: Other Linux
Importance: P3 normal
Target Milestone: UCS 3.2-7-errata
Assigned To: Daniel Tröder
QA Contact: Janek Walkenhorst
Reported: 2013-11-12 11:24 CET by Moritz Muehlenhoff
Modified: 2015-11-19 16:20 CET
requate: Patch_Available+


Description Moritz Muehlenhoff univentionstaff 2013-11-12 11:24:25 CET
+++ This bug was initially created as a clone of Bug #31222 +++

Various denial of service issues in mod_dav_svn (CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849)

The --pid-file option of svnserve does not validate whether the PID file is a symlink, allowing denial of service (CVE-2013-4277)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-02-13 12:21:49 CET
Denial of service in mod_dav_svn (CVE-2014-0032)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-11-26 12:38:40 CET
Credentials cached are only validated based on the MD5 hash (CVE-2014-3528)
Comment 3 Moritz Muehlenhoff univentionstaff 2014-12-22 15:56:18 CET
Denial of service in mod_dav_svn (CVE-2014-3580)
Comment 4 Arvid Requate univentionstaff 2015-04-22 18:35:19 CEST
* mod_dav_svn and svnserve: Denial of service via crafted parameter combinations (CVE-2015-0248)

* mod_dav_svn: Spoofing of svn:author by remote authenticated users (CVE-2015-0251)
Comment 5 Arvid Requate univentionstaff 2015-09-29 19:54:40 CEST
Upstream Debian package version 1.6.12dfsg-7+deb6u3 additionally fixes

* CVE-2015-3187: The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.



These are now classified as minor:
* CVE-2013-4277 (Minor issue, PID file not created by default)
* CVE-2014-3528 (Minor issue)

All other issues above are fixed in the latest upstream package.
Comment 6 Daniel Tröder univentionstaff 2015-09-30 10:45:14 CEST
1.6.12dfsg-7+deb6u3 was imported and built to scope errata3.2-7.

YAML (r64103): 2015-09-30-subversion.yaml
Comment 7 Janek Walkenhorst univentionstaff 2015-11-17 17:52:24 CET
Tests: OK
Advisory: OK
Comment 8 Janek Walkenhorst univentionstaff 2015-11-19 16:20:31 CET
<http://errata.software-univention.de/ucs/3.2/382.html>