Package subversion updated to version 1.14.0-alt1 for branch p9 in task 258831.

Published: 2016-05-10
Modified: 2021-03-23

BDU:2016-01127

Уязвимость централизованной системы управления версиями Subversion, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.0) Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C

References:

Published: 2017-09-15
Modified: 2021-03-23

BDU:2017-02070

Уязвимость служб svn:externals и svn:sync-from-url централизованной системы управления версиями Subversion, позволяющая нарушителю выполнить произвольную shell-команду

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2019-08-20
Modified: 2024-11-28

BDU:2019-02929

Уязвимость серверного процесса svnserve централизованной системы управления версиями Subversion, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2019-0203

Published: 2019-08-22
Modified: 2024-11-28

BDU:2019-02960

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2018-11782

Published: 2016-01-08
Modified: 2025-04-12

CVE-2015-5259

Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.

Severity: CRITICAL (9.0) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Severity: HIGH (8.6) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

References:

Published: 2016-04-14
Modified: 2025-04-12

CVE-2015-5343

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.

Severity: HIGH (8.0) Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C

Severity: HIGH (7.6) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

References:

Published: 2016-05-05
Modified: 2025-04-12

CVE-2016-2167

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

Severity: MEDIUM (4.9) Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Severity: MEDIUM (6.8) Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

References:

Published: 2016-05-05
Modified: 2025-04-12

CVE-2016-2168

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2017-10-16
Modified: 2025-04-20

CVE-2016-8734

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2017-08-11
Modified: 2025-04-20

CVE-2017-9800

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2019-09-26
Modified: 2024-11-21

CVE-2018-11782

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2019-09-26
Modified: 2024-11-21

CVE-2019-0203

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Обновить subversion

Version: 2.1.2

Package subversion update in p9 on 2020-10-01

ALT-PU-2020-2914-1

Closed vulnerabilities

BDU:2016-01127

BDU:2017-02070

BDU:2019-02929

BDU:2019-02960

CVE-2015-5259

CVE-2015-5343

CVE-2016-2167

CVE-2016-2168

CVE-2016-8734

CVE-2017-9800

CVE-2018-11782

CVE-2019-0203

Closed bugs

Bug #36518