Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2017:2200-1
HistoryAug 17, 2017 - 12:10 p.m.

Security update for subversion (important)

2017-08-1712:10:12
lists.opensuse.org
38

0.95 High

EPSS

Percentile

99.1%

JSON

This update for subversion fixes the following issues:

  • CVE-2017-9800: A malicious, compromised server or MITM may cause svn
    client to execute arbitrary commands by sending repository content with
    svn:externals definitions pointing to crafted svn+ssh URLs. (bsc#1051362)

  • Malicious user may commit SHA-1 collisions and cause repository
    inconsistencies (bsc#1026936)

  • CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and
    Subversion clients using http(s):// could lead to denial of service
    (bsc#1011552)

  • CVE-2016-2167: svnserve/sasl may authenticate users using the wrong
    realm (bsc#976849)

  • CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn
    during COPY/MOVE authorization check (bsc#976850)

  • mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm (bsc#977424)

  • make the subversion package conflict with KWallet and Gnome Keyring
    packages with do not require matching subversion versions in SLE 12 and
    openSUSE Leap 42.1 and thus break the main package upon partial upgrade.
    (bsc#969159)

  • CVE-2015-5343: Remotely triggerable heap overflow and out-of-bounds read
    in mod_dav_svn caused by integer overflow when parsing skel-encoded
    request bodies. (bsc#958300)

  • Avoid recommending 180+ new pkgs for installation on minimal setup due
    subversion-password-store (bsc#942819)

  • CVE-2015-3184: mod_authz_svn: mixed anonymous/authenticated httpd (dav)
    configurations could lead to information leak (bsc#939514)

  • CVE-2015-3187: do not leak paths that were hidden by path-based authz
    (bsc#939517)

  • CVE-2015-0202: Subversion HTTP servers with FSFS repositories were
    vulnerable to a remotely triggerable excessive memory use with certain
    REPORT requests. (bsc#923793)

  • CVE-2015-0248: Subversion mod_dav_svn and svnserve were vulnerable to a
    remotely triggerable assertion DoS vulnerability for certain requests
    with dynamically evaluated revision numbers. (bsc#923794)

  • CVE-2015-0251: Subversion HTTP servers allow spoofing svn:author
    property values for new revisions (bsc#923795)

  • fix sample configuration comments in subversion.conf (bsc#916286)

  • fix sysconfig file generation (bsc#911620)

  • CVE-2014-3580: mod_dav_svn invalid REPORT requests could lead to denial
    of service (bsc#909935)

  • CVE-2014-8108: mod_dav_svn use of invalid transaction names could lead
    to denial of service (bsc#909935)

  • INSTALL#SQLite says ‘Subversion 1.8 requires SQLite version 3.7.12 or
    above’; therefore I lowered the sqlite requirement to make the
    subversion run on
    older system versions, tooi. [bsc#897033]

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Software Development Kit12.2ppc64lesubversion-server< 1.8.19-25.3.1subversion-server-1.8.19-25.3.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit12.3ppc64lesubversion-debuginfo< 1.8.19-25.3.1subversion-debuginfo-1.8.19-25.3.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit12.2noarchsubversion-bash-completion< 1.8.19-25.3.1subversion-bash-completion-1.8.19-25.3.1.noarch.rpm
SUSE Linux Enterprise Software Development Kit12.3s390xlibsvn_auth_gnome_keyring-1-0-debuginfo< 1.8.19-25.3.1libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.19-25.3.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit12.2s390xsubversion-tools-debuginfo< 1.8.19-25.3.1subversion-tools-debuginfo-1.8.19-25.3.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit12.2x86_64subversion-debuginfo< 1.8.19-25.3.1subversion-debuginfo-1.8.19-25.3.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit12.2x86_64subversion-server< 1.8.19-25.3.1subversion-server-1.8.19-25.3.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit12.3ppc64lesubversion< 1.8.19-25.3.1subversion-1.8.19-25.3.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit12.2ppc64lesubversion-devel< 1.8.19-25.3.1subversion-devel-1.8.19-25.3.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit12.2x86_64subversion-tools< 1.8.19-25.3.1subversion-tools-1.8.19-25.3.1.x86_64.rpm
Rows per page:
1-10 of 1141

Related

ubuntu 3
openvas 42
securityvulns 6
nessus 65
oraclelinux 3
redhat 3
centos 3
veracode 3
fedora 7
f5 2
mageia 6
freebsd 5
amazon 6
cloudfoundry 1
gentoo 1
archlinux 3
osv 7
debian 10
kaspersky 1
slackware 2
suse 1
apple 2
rosalinux 1
cve 4
debiancve 4
prion 3
ubuntucve 3
checkpoint_advisories 1
redhatcve 1
ubuntu
ubuntu
Subversion vulnerabilities
2015-08-20 00:00:00
Subversion vulnerabilities
2017-08-11 00:00:00
Subversion vulnerabilities
2017-10-24 00:00:00
openvas
openvas
Ubuntu Update for subversion USN-2721-1
2015-08-21 00:00:00
Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2019-2550)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2019-2669)
2020-01-23 00:00:00
securityvulns
securityvulns
[USN-2721-1] Subversion vulnerabilities
2015-08-24 00:00:00
Apache Subversion multiple security vulnerabilities
2015-04-07 00:00:00
[ MDVSA-2015:192 ] subversion
2015-04-07 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Subversion vulnerabilities (USN-2721-1)
2015-08-21 00:00:00
EulerOS 2.0 SP5 : subversion (EulerOS-SA-2019-2550)
2019-12-09 00:00:00
EulerOS 2.0 SP3 : subversion (EulerOS-SA-2019-2669)
2019-12-18 00:00:00
oraclelinux
oraclelinux
subversion security update
2015-09-08 00:00:00
subversion security update
2015-08-17 00:00:00
subversion security update
2015-02-10 00:00:00
redhat
redhat
(RHSA-2015:1742) Moderate: subversion security update
2015-09-08 00:00:00
(RHSA-2015:1633) Moderate: subversion security update
2015-08-17 00:00:00
(RHSA-2015:0166) Moderate: subversion security update
2015-02-10 00:00:00
centos
centos
mod_dav_svn, subversion security update
2015-09-08 21:07:49
mod_dav_svn, subversion security update
2015-08-17 15:33:54
mod_dav_svn, subversion security update
2015-02-11 00:09:48
veracode
veracode
Spoofable Server
2019-05-02 05:17:54
Information Disclosure
2019-05-02 05:17:54
Denial Of Service (DoS)
2020-09-21 06:23:25
fedora
fedora
[SECURITY] Fedora 21 Update: subversion-1.8.13-7.fc21
2015-07-29 01:54:00
[SECURITY] Fedora 22 Update: subversion-1.8.15-1.fc22
2016-02-29 22:28:19
[SECURITY] Fedora 21 Update: subversion-1.8.11-1.fc21
2015-01-05 07:39:50
f5
f5
K17453 : Subversion vulnerabilities CVE-2015-0248, CVE-2015-0251, and CVE-2015-3187
2015-10-16 00:00:00
SOL17453 - Subversion vulnerabilities CVE-2015-0248, CVE-2015-0251, and CVE-2015-3187
2015-10-16 00:00:00
mageia
mageia
Updated subversion packages fix security vulnerabilities
2015-05-03 03:19:16
Updated subversion packages fix security vulnerabilities
2014-12-23 23:35:35
Updated subversion packages fix security vulnerabilities
2016-05-05 12:05:33
freebsd
freebsd
subversion -- DoS vulnerabilities
2015-03-31 00:00:00
subversion -- DoS vulnerabilities
2014-12-13 00:00:00
subversion -- multiple vulnerabilities
2016-04-21 00:00:00
amazon
amazon
Medium: subversion, mod_dav_svn
2015-08-24 22:27:00
Important: mod_dav_svn, subversion
2016-03-29 15:30:00
Medium: mod_dav_svn, subversion
2015-06-24 10:08:00
cloudfoundry
cloudfoundry
USN-3388-1: Subversion vulnerabilities | Cloud Foundry
2017-08-17 00:00:00
gentoo
gentoo
Subversion, Serf: Multiple Vulnerabilities
2016-10-11 00:00:00
archlinux
archlinux
subversion: denial of service
2014-12-16 00:00:00
subversion: authentication bypass
2015-08-14 00:00:00
subversion: multiple issues
2016-06-08 00:00:00
osv
osv
subversion - security update
2016-04-29 00:00:00
subversion - security update
2016-05-01 00:00:00
subversion - security update
2015-08-10 00:00:00
debian
debian
[SECURITY] [DSA 3331-1] subversion security update
2015-08-10 18:21:41
[SECURITY] [DSA 3231-1] subversion security update
2015-04-21 17:34:36
[SECURITY] [DSA 3561-1] subversion security update
2016-04-29 13:04:16
kaspersky
kaspersky
KLA10808 Multiple vulnerabilities in Apache Subversion
2016-05-05 00:00:00
slackware
slackware
[slackware-security] subversion
2016-04-30 20:34:18
[slackware-security] subversion
2016-04-06 05:07:52
suse
suse
Security update for subversion (important)
2017-08-14 18:08:39
apple
apple
About the security content of Xcode 7.3
2016-03-21 00:00:00
About the security content of Xcode 7.3 - Apple Support
2017-01-23 03:54:36
rosalinux
rosalinux
Advisory ROSA-SA-2021-1979
2021-07-02 18:11:52
cve
cve
CVE-2014-8108
2014-12-18 15:59:00
CVE-2015-5343
2016-04-14 14:59:00
CVE-2016-8734
2017-10-16 13:29:00
debiancve
debiancve
CVE-2014-8108
2014-12-18 15:59:00
CVE-2015-5343
2016-04-14 14:59:00
CVE-2016-8734
2017-10-16 13:29:00
prion
prion
Null pointer dereference
2014-12-18 15:59:00
Integer overflow
2016-04-14 14:59:00
Design/Logic Flaw
2017-10-16 13:29:00
ubuntucve
ubuntucve
CVE-2014-8108
2014-12-18 00:00:00
CVE-2016-8734
2016-11-30 00:00:00
CVE-2015-5343
2015-12-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Subversion mod_dav_svn Integer Overflow (CVE-2015-5343)
2016-03-15 00:00:00
redhatcve
redhatcve
CVE-2016-8734
2016-11-29 23:47:25

0.95 High

EPSS

Percentile

99.1%

JSON
Related for SUSE-SU-2017:2200-1
ubuntu3openvas42securityvulns6nessus65oraclelinux3redhat3centos3veracode3fedora7f52mageia6freebsd5amazon6cloudfoundry1gentoo1archlinux3osv7debian10kaspersky1slackware2suse1apple2rosalinux1cve4debiancve4prion3ubuntucve3checkpoint_advisories1redhatcve1