1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4490-1] subversion security update

    From Salvatore Bonaccorso@1:229/2 to All on Thu Aug 1 00:10:01 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4490-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 01, 2019 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : subversion
    CVE ID : CVE-2018-11782 CVE-2019-0203

    Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

    CVE-2018-11782

    Ace Olszowka reported that the Subversion's svnserve server process
    may exit when a well-formed read-only request produces a particular
    answer, leading to a denial of service.

    CVE-2019-0203

    Tomas Bortoli reported that the Subversion's svnserve server process
    may exit when a client sends certain sequences of protocol commands.
    If the server is configured with anonymous access enabled this could
    lead to a remote unauthenticated denial of service.

    For the oldstable distribution (stretch), these problems have been fixed
    in version 1.9.5-1+deb9u4.

    For the stable distribution (buster), these problems have been fixed in
    version 1.10.4-1+deb10u1.

    We recommend that you upgrade your subversion packages.

    For the detailed security status of subversion please refer to its
    security tracker page at: https://security-tracker.debian.org/tracker/subversion

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl1CEOZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Tn+xAAlXGJ2vZLwXuT+2SABhqLKTdSDEqCAwKLvHVB6LFHXFIu+WUdT8VSd6j3 lqSWzpOH4s6kmIz/yEiCWkYJmEc0hMHyPhljN+gbzpEQ3cPKyxJh9KekMEK23EpY 4DhKU+uDTCFKmsrfzcgIy8B5Bgw2H41w+MrQSonakfW7OtuVPD2s42VNd9O+JjY/ 3G4GG+Udg/Sewndc2dxa8hOO2wFEWVks5g0Nt/soRwMEACQLmKeS6PwFb4PDljr8 H5fHcbQjN2UxpRKAyq2E2azSXHpUDz6psRMwfAQYs8lhx9Ozt538QaX6A6a63vLx dtw2NVjg7Q12XDZY0Yt8V0h6oLEURLO8L1JOJeMkRiEVy6qPKQ4BLZ327uxkT4qP La8Wk5A4Y/pr72L2WD36Y8cSWS3JFFgaFpM0kXzkfOfTClTHWamBehOnD7pslqly ZvCmBavoslJ6uM8c/eLE6B8yaF13akqRIBeA2biaSHDEmf3mtpkDHNIGmZIMFNeE x/Lx8PbQCq/eQ060ioEJZV4xF9nKFrDTuUs6YTaWAfHtR5bo+/5uzGVgSA7B5KU+ XZjxGnlSITMbcqwvawg9toLAyL71kenR6GdYrRculLsKtVDI+1FtCFisqPwEacUx CaS3b0Bd8xyxbXnV0D+E/UaReS1x4i8lOSGOjj40d6b6Vv1X8Nw=
    =IVo1
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)