Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.871449 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Update for subversion RHSA-2015:1742-01 |
Summary: | The remote host is missing an update for the 'subversion'; package(s) announced via the referenced advisory. |
Description: | Summary: The remote host is missing an update for the 'subversion' package(s) announced via the referenced advisory. Vulnerability Insight: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248) It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. (CVE-2015-3184) It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251) It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187) Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3184 and CVE-2015-3187 flaws. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. Affected Software/OS: subversion on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-0248 http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html BugTraq ID: 74260 http://www.securityfocus.com/bid/74260 Debian Security Information: DSA-3231 (Google Search) http://www.debian.org/security/2015/dsa-3231 https://security.gentoo.org/glsa/201610-05 http://www.mandriva.com/security/advisories?name=MDVSA-2015:192 RedHat Security Advisories: RHSA-2015:1633 http://rhn.redhat.com/errata/RHSA-2015-1633.html RedHat Security Advisories: RHSA-2015:1742 http://rhn.redhat.com/errata/RHSA-2015-1742.html http://www.securitytracker.com/id/1033214 SuSE Security Announcement: openSUSE-SU-2015:0672 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html http://www.ubuntu.com/usn/USN-2721-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-0251 BugTraq ID: 74259 http://www.securityfocus.com/bid/74259 http://seclists.org/fulldisclosure/2015/Jun/32 Common Vulnerability Exposure (CVE) ID: CVE-2015-3184 http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html BugTraq ID: 76274 http://www.securityfocus.com/bid/76274 Debian Security Information: DSA-3331 (Google Search) http://www.debian.org/security/2015/dsa-3331 http://www.securitytracker.com/id/1033215 SuSE Security Announcement: openSUSE-SU-2015:1401 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2015-3187 BugTraq ID: 76273 http://www.securityfocus.com/bid/76273 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |