Lucene search

Gentoo FoundationMGASA-2014-0339

HistoryAug 21, 2014 - 1:36 p.m.

Updated subversion packages fix security vulnerabilities

2014-08-2113:36:13

Gentoo Foundation

advisories.mageia.org

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

56.6%

JSON

Updated subversion packages fix security vulnerabilities: Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications (CVE-2014-3522). Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server (CVE-2014-3528). The subversion package has been updated to 1.8.10 to fix these issues and other bugs.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchsubversion< 1.8.10-1subversion-1.8.10-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	subversion	< 1.8.10-1	subversion-1.8.10-1.mga4

References

subversion.apache.org/security/CVE-2014-3522-advisory.txt

subversion.apache.org/security/CVE-2014-3528-advisory.txt

svn.apache.org/repos/asf/subversion/tags/1.8.10/CHANGES

www.ubuntu.com/usn/usn-2316-1/

bugs.mageia.org/show_bug.cgi?id=13838

mail-archives.apache.org/mod_mbox/subversion-dev/201408.mbox/%[email protected]%3E

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

56.6%

JSON

Related for MGASA-2014-0339