MGASA-2014-0339
- Source
- https://advisories.mageia.org/MGASA-2014-0339.html
- Import Source
- https://advisories.mageia.org/MGASA-2014-0339.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2014-0339
- Related
- Published
- 2014-08-21T09:36:13Z
- Modified
- 2014-08-21T09:10:00Z
- Summary
- Updated subversion packages fix security vulnerabilities
- Details
-
Updated subversion packages fix security vulnerabilities:
Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications (CVE-2014-3522).
Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server (CVE-2014-3528).
The subversion package has been updated to 1.8.10 to fix these issues and other bugs.
- References
-
- https://advisories.mageia.org/MGASA-2014-0339.html
- https://bugs.mageia.org/show_bug.cgi?id=13838
- http://subversion.apache.org/security/CVE-2014-3522-advisory.txt
- http://subversion.apache.org/security/CVE-2014-3528-advisory.txt
- https://mail-archives.apache.org/mod_mbox/subversion-dev/201408.mbox/%3C53E8E6BA.5030100@apache.org%3E
- http://svn.apache.org/repos/asf/subversion/tags/1.8.10/CHANGES
- http://www.ubuntu.com/usn/usn-2316-1/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:4 / subversion
Package
- Name
- subversion
- Purl
- pkg:rpm/mageia/subversion?distro=mageia-4