[SECURITY] [DLA 1903-1] subversion security update

2019-08-2921:14:54

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

46.7%

JSON

Package : subversion
Version : 1.8.10-6+deb8u7
CVE ID : CVE-2018-11782 CVE-2019-0203

Several vulnerabilities were discovered in Subversion, a version control
system. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2018-11782

Ace Olszowka reported that the Subversion&#x27;s svnserve server process
may exit when a well-formed read-only request produces a particular
answer, leading to a denial of service.

CVE-2019-0203

Tomas Bortoli reported that the Subversion&#x27;s svnserve server process
may exit when a client sends certain sequences of protocol commands.
If the server is configured with anonymous access enabled this could
lead to a remote unauthenticated denial of service.

For Debian 8 "Jessie", these problems have been fixed in version
1.8.10-6+deb8u7.

We recommend that you upgrade your subversion packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian9ppc64elpython-subversion< 1.9.5-1+deb9u4python-subversion_1.9.5-1+deb9u4_ppc64el.deb
Debian9amd64subversion< 1.9.5-1+deb9u4subversion_1.9.5-1+deb9u4_amd64.deb
Debian10amd64libsvn-java< 1.10.4-1+deb10u1libsvn-java_1.10.4-1+deb10u1_amd64.deb
Debian10armhflibapache2-mod-svn< 1.10.4-1+deb10u1libapache2-mod-svn_1.10.4-1+deb10u1_armhf.deb
Debian10s390xruby-svn-dbgsym< 1.10.4-1+deb10u1ruby-svn-dbgsym_1.10.4-1+deb10u1_s390x.deb
Debian9arm64libsvn-dev< 1.9.5-1+deb9u4libsvn-dev_1.9.5-1+deb9u4_arm64.deb
Debian10i386libsvn-dev< 1.10.4-1+deb10u1libsvn-dev_1.10.4-1+deb10u1_i386.deb
Debian10mips64elsubversion-tools< 1.10.4-1+deb10u1subversion-tools_1.10.4-1+deb10u1_mips64el.deb
Debian10mipspython-subversion-dbgsym< 1.10.4-1+deb10u1python-subversion-dbgsym_1.10.4-1+deb10u1_mips.deb
Debian10i386subversion< 1.10.4-1+deb10u1subversion_1.10.4-1+deb10u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	ppc64el	python-subversion	< 1.9.5-1+deb9u4	python-subversion_1.9.5-1+deb9u4_ppc64el.deb
Debian	9	amd64	subversion	< 1.9.5-1+deb9u4	subversion_1.9.5-1+deb9u4_amd64.deb
Debian	10	amd64	libsvn-java	< 1.10.4-1+deb10u1	libsvn-java_1.10.4-1+deb10u1_amd64.deb
Debian	10	armhf	libapache2-mod-svn	< 1.10.4-1+deb10u1	libapache2-mod-svn_1.10.4-1+deb10u1_armhf.deb
Debian	10	s390x	ruby-svn-dbgsym	< 1.10.4-1+deb10u1	ruby-svn-dbgsym_1.10.4-1+deb10u1_s390x.deb
Debian	9	arm64	libsvn-dev	< 1.9.5-1+deb9u4	libsvn-dev_1.9.5-1+deb9u4_arm64.deb
Debian	10	i386	libsvn-dev	< 1.10.4-1+deb10u1	libsvn-dev_1.10.4-1+deb10u1_i386.deb
Debian	10	mips64el	subversion-tools	< 1.10.4-1+deb10u1	subversion-tools_1.10.4-1+deb10u1_mips64el.deb
Debian	10	mips	python-subversion-dbgsym	< 1.10.4-1+deb10u1	python-subversion-dbgsym_1.10.4-1+deb10u1_mips.deb
Debian	10	i386	subversion	< 1.10.4-1+deb10u1	subversion_1.10.4-1+deb10u1_i386.deb