4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
56.6%
Updated subversion packages fix security vulnerabilities: Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications (CVE-2014-3522). Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server (CVE-2014-3528). The subversion package has been updated to 1.8.10 to fix these issues and other bugs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | subversion | < 1.8.10-1 | subversion-1.8.10-1.mga4 |
subversion.apache.org/security/CVE-2014-3522-advisory.txt
subversion.apache.org/security/CVE-2014-3528-advisory.txt
svn.apache.org/repos/asf/subversion/tags/1.8.10/CHANGES
www.ubuntu.com/usn/usn-2316-1/
bugs.mageia.org/show_bug.cgi?id=13838
mail-archives.apache.org/mod_mbox/subversion-dev/201408.mbox/%[email protected]%3E