Mandriva Linux Security Advisory 2015-085 - The mod_dav_svn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service via an OPTIONS request. Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server. A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn. A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash.
01aff36f339d42406e0aae560444ac58ac7a1af4b623272cb7f496e90441e981-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:085
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : subversion
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated subversion packages fix security vulnerabilities:
The mod_dav_svn module in Apache Subversion before 1.8.8, when
SVNListParentPath is enabled, allows remote attackers to cause a
denial of service (crash) via an OPTIONS request (CVE-2014-0032).
Ben Reser discovered that Subversion did not correctly validate SSL
certificates containing wildcards. A remote attacker could exploit this
to perform a man in the middle attack to view sensitive information
or alter encrypted communications (CVE-2014-3522).
Bert Huijben discovered that Subversion did not properly handle
cached credentials. A malicious server could possibly use this issue
to obtain credentials cached for a different server (CVE-2014-3528).
A NULL pointer dereference flaw was found in the way mod_dav_svn
handled REPORT requests. A remote, unauthenticated attacker could
use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580).
A NULL pointer dereference flaw was found in the way mod_dav_svn
handled URIs for virtual transaction names. A remote, unauthenticated
attacker could send a request for a virtual transaction name that
does not exist, causing mod_dav_svn to crash (CVE-2014-8108).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528
http://advisories.mageia.org/MGASA-2014-0105.html
http://advisories.mageia.org/MGASA-2014-0339.html
http://advisories.mageia.org/MGASA-2014-0545.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
3c1e67f77228815883b105a8e62a10e0 mbs2/x86_64/apache-mod_dav_svn-1.8.11-1.mbs2.x86_64.rpm
35c5f1efb679c09bc48d917b94954713 mbs2/x86_64/lib64svn0-1.8.11-1.mbs2.x86_64.rpm
56722eb7ac7b08654d795a5981ebd210 mbs2/x86_64/lib64svnjavahl1-1.8.11-1.mbs2.x86_64.rpm
e1479d1c61864767d56a147bb4ee9b7f mbs2/x86_64/perl-SVN-1.8.11-1.mbs2.x86_64.rpm
7c4d79f31b0559c22cc84f39a06f9da0 mbs2/x86_64/perl-svn-devel-1.8.11-1.mbs2.x86_64.rpm
14720ab01668a9d04b566d5102c09f68 mbs2/x86_64/python-svn-1.8.11-1.mbs2.x86_64.rpm
07db3a7142457efc1e0547fd40bbf03f mbs2/x86_64/python-svn-devel-1.8.11-1.mbs2.x86_64.rpm
8d0511abbed2c57f505183bf00c4ab0d mbs2/x86_64/ruby-svn-1.8.11-1.mbs2.x86_64.rpm
8d062f6dd429b87f2b1d432c92e9a84a mbs2/x86_64/ruby-svn-devel-1.8.11-1.mbs2.x86_64.rpm
31e14a18991a2383065a069d53d3cd4e mbs2/x86_64/subversion-1.8.11-1.mbs2.x86_64.rpm
1ce1c374c428409e8a6380d64b8706f8 mbs2/x86_64/subversion-devel-1.8.11-1.mbs2.x86_64.rpm
052411de41e785decc0bc130e2756eff mbs2/x86_64/subversion-doc-1.8.11-1.mbs2.x86_64.rpm
98c1473e3721e4c9a6996db448c6ff36 mbs2/x86_64/subversion-server-1.8.11-1.mbs2.x86_64.rpm
6ad3881116530af4d889bb6c142d70dc mbs2/x86_64/subversion-tools-1.8.11-1.mbs2.x86_64.rpm
3fb0c871a5771c8fe4c6475b5ac0406c mbs2/x86_64/svn-javahl-1.8.11-1.mbs2.x86_64.rpm
45e0624a89e4c79d4739cd4eb22d9a29 mbs2/SRPMS/subversion-1.8.11-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFl6JmqjQ0CJFipgRAgkVAJ4xKUzteqhyYcBC4AuYoZ7Lv3oQZQCfROhl
NaJSaZq4W6qIMwD8fhQF5Ls=
=R/mF
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed