Lucene search

Gentoo FoundationMGASA-2014-0545

HistoryDec 23, 2014 - 11:35 p.m.

Updated subversion packages fix security vulnerabilities

2014-12-2323:35:35

Gentoo Foundation

advisories.mageia.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.017 Low

EPSS

Percentile

87.6%

JSON

A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580). A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash (CVE-2014-8108).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchsubversion< 1.8.11-1subversion-1.8.11-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	subversion	< 1.8.11-1	subversion-1.8.11-1.mga4

References

subversion.apache.org/security/CVE-2014-3580-advisory.txt

subversion.apache.org/security/CVE-2014-8108-advisory.txt

bugs.mageia.org/show_bug.cgi?id=14826

bugzilla.redhat.com/show_bug.cgi?id=1174054

bugzilla.redhat.com/show_bug.cgi?id=1174057

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.017 Low

EPSS

Percentile

87.6%

JSON

Related for MGASA-2014-0545