it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 4490-1] subversion security update
- Date: Wed, 31 Jul 2019 22:07:24 +0000
- List-archive: https://lists.debian.org/msgid-search/E1hswkm-0007p7-7C AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Wed, 31 Jul 2019 22:07:39 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <lfWHMtaa_mE.A.neE.rEhQdB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4490-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 01, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : subversion
CVE ID : CVE-2018-11782 CVE-2019-0203
Several vulnerabilities were discovered in Subversion, a version control
system. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2018-11782
Ace Olszowka reported that the Subversion's svnserve server process
may exit when a well-formed read-only request produces a particular
answer, leading to a denial of service.
CVE-2019-0203
Tomas Bortoli reported that the Subversion's svnserve server process
may exit when a client sends certain sequences of protocol commands.
If the server is configured with anonymous access enabled this could
lead to a remote unauthenticated denial of service.
For the oldstable distribution (stretch), these problems have been fixed
in version 1.9.5-1+deb9u4.
For the stable distribution (buster), these problems have been fixed in
version 1.10.4-1+deb10u1.
We recommend that you upgrade your subversion packages.
For the detailed security status of subversion please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/subversion
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl1CEOZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Tn+xAAlXGJ2vZLwXuT+2SABhqLKTdSDEqCAwKLvHVB6LFHXFIu+WUdT8VSd6j3
lqSWzpOH4s6kmIz/yEiCWkYJmEc0hMHyPhljN+gbzpEQ3cPKyxJh9KekMEK23EpY
4DhKU+uDTCFKmsrfzcgIy8B5Bgw2H41w+MrQSonakfW7OtuVPD2s42VNd9O+JjY/
3G4GG+Udg/Sewndc2dxa8hOO2wFEWVks5g0Nt/soRwMEACQLmKeS6PwFb4PDljr8
H5fHcbQjN2UxpRKAyq2E2azSXHpUDz6psRMwfAQYs8lhx9Ozt538QaX6A6a63vLx
dtw2NVjg7Q12XDZY0Yt8V0h6oLEURLO8L1JOJeMkRiEVy6qPKQ4BLZ327uxkT4qP
La8Wk5A4Y/pr72L2WD36Y8cSWS3JFFgaFpM0kXzkfOfTClTHWamBehOnD7pslqly
ZvCmBavoslJ6uM8c/eLE6B8yaF13akqRIBeA2biaSHDEmf3mtpkDHNIGmZIMFNeE
x/Lx8PbQCq/eQ060ioEJZV4xF9nKFrDTuUs6YTaWAfHtR5bo+/5uzGVgSA7B5KU+
XZjxGnlSITMbcqwvawg9toLAyL71kenR6GdYrRculLsKtVDI+1FtCFisqPwEacUx
CaS3b0Bd8xyxbXnV0D+E/UaReS1x4i8lOSGOjj40d6b6Vv1X8Nw=
=IVo1
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 4490-1] subversion security update, Salvatore Bonaccorso, 01.08.2019
Archiv bereitgestellt durch MHonArc 2.6.19.