Amazon ALAS-2014-413
Sep 17, 2014 - 9:48 p.m.

Medium: subversion

2014-09-17 21:48:00
alas.aws.amazon.com

CVSS2: 4 Medium

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

EPSS: 0.002 Low
Percentile: 54.4%

Issue Overview:

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Affected Packages:

subversion

Issue Correction:
Run yum update subversion to update your system.

New Packages:

i686:  
    subversion-tools-1.8.10-1.44.amzn1.i686  
    subversion-1.8.10-1.44.amzn1.i686  
    subversion-libs-1.8.10-1.44.amzn1.i686  
    subversion-ruby-1.8.10-1.44.amzn1.i686  
    mod_dav_svn-1.8.10-1.44.amzn1.i686  
    subversion-javahl-1.8.10-1.44.amzn1.i686  
    subversion-python-1.8.10-1.44.amzn1.i686  
    subversion-perl-1.8.10-1.44.amzn1.i686  
    subversion-devel-1.8.10-1.44.amzn1.i686  
    subversion-debuginfo-1.8.10-1.44.amzn1.i686  
  
src:  
    subversion-1.8.10-1.44.amzn1.src  
  
x86_64:  
    subversion-javahl-1.8.10-1.44.amzn1.x86_64  
    subversion-devel-1.8.10-1.44.amzn1.x86_64  
    subversion-libs-1.8.10-1.44.amzn1.x86_64  
    subversion-python-1.8.10-1.44.amzn1.x86_64  
    subversion-perl-1.8.10-1.44.amzn1.x86_64  
    subversion-debuginfo-1.8.10-1.44.amzn1.x86_64  
    subversion-ruby-1.8.10-1.44.amzn1.x86_64  
    mod_dav_svn-1.8.10-1.44.amzn1.x86_64  
    subversion-tools-1.8.10-1.44.amzn1.x86_64  
    subversion-1.8.10-1.44.amzn1.x86_64  

Additional References

Red Hat: CVE-2014-3522

Mitre: CVE-2014-3522
