GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Tue Oct 11, 2016 1:26 pm Post subject: [ GLSA 201610-05 ] Subversion, Serf
Gentoo Linux Security Advisory
Title: Subversion, Serf: Multiple Vulnerabilities (GLSA 201610-05)
Severity: normal
Exploitable: remote
Date: October 11, 2016
Bug(s): #500482, #518716, #519202, #545348, #556076, #567810, #581448, #586046
ID: 201610-05
Synopsis
Multiple vulnerabilities have been found in Subversion and Serf,
the worst of which could lead to execution of arbitrary code.
Background
Subversion is a version control system intended to eventually replace
CVS. Like CVS, it has an optional client-server architecture (where the
server can be an Apache server running mod_svn, or an ssh program as in
CVS’s :ext: method). In addition to supporting the features found in
CVS, Subversion also provides support for moving and copying files and
directories.
The serf library is a high performance C-based HTTP client library built
upon the Apache Portable Runtime (APR) library.
Affected Packages
Package: dev-vcs/subversion
Vulnerable: < 1.9.4
Unaffected: >= 1.9.4
Unaffected: > 1.8.16 < 1.8.17
Architectures: All supported architectures
Package: net-libs/serf
Vulnerable: < 1.3.7
Unaffected: >= 1.3.7
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Subversion and Serf.
Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process, conduct a man-in-the-middle attack, obtain
sensitive information, or cause a Denial of Service Condition.
Workaround
There is no known workaround at this time.
Resolution
All Subversion users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4"
All Serf users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7"
References
CVE-2014-0032
CVE-2014-3504
CVE-2014-3522
CVE-2014-3528
CVE-2015-0202
CVE-2015-0248
CVE-2015-0251
CVE-2015-3184
CVE-2015-3187
CVE-2015-5259
CVE-2016-2167
CVE-2016-2168
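A check for the version ranges listed under Affected Packages, as an added example that is not part of the advisory or of Gentoo's tooling: it classifies `category/package-version` strings against the thresholds the page gives, including the extra Subversion range above 1.8.16 and below 1.8.17, which only ebuild revisions such as `-r1` satisfy. The function names, the sample input and the simplified version parsing (numeric components plus an optional `-rN` revision) are assumptions of this example.

```python
import re

# Thresholds copied from the advisory's "Affected Packages" section.
# "window" is the extra unaffected range listed for Subversion (> 1.8.16 < 1.8.17).
ADVISORY = {
    "dev-vcs/subversion": {"fixed": "1.9.4", "window": ("1.8.16", "1.8.17")},
    "net-libs/serf": {"fixed": "1.3.7", "window": None},
}


def version_key(version):
    """Turn 'X.Y.Z[-rN]' into a sortable key; -rN is the ebuild revision.

    Simplification (assumption): suffixes such as _rc1 or _p2 are rejected.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported version syntax: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def classify(atom):
    """Return the advisory status of one 'category/package-version' string."""
    atom = atom.strip()
    for name, rule in ADVISORY.items():
        if not atom.startswith(name + "-"):
            continue
        try:
            key = version_key(atom[len(name) + 1:])
        except ValueError:
            return "check manually"  # version form this sketch does not parse
        if key >= version_key(rule["fixed"]):
            return "unaffected"
        if rule["window"]:
            low, high = (version_key(v) for v in rule["window"])
            if low < key < high:
                return "unaffected"
        return "vulnerable"
    return "not covered"


# Constructed sample input, not taken from a real system.
SAMPLE = ["dev-vcs/subversion-1.9.3", "dev-vcs/subversion-1.8.16-r1",
          "net-libs/serf-1.3.6", "net-libs/serf-1.3.8", "app-editors/vim-8.0"]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{line}: {classify(line)}")
```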