MGASA-2015-0326
- Source
- https://advisories.mageia.org/MGASA-2015-0326.html
- Import Source
- https://advisories.mageia.org/MGASA-2015-0326.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2015-0326
- Related
- Published
- 2015-08-27T20:49:46Z
- Modified
- 2015-08-27T20:34:33Z
- Summary
- Updated subversion packages fix security vulnerabilities
- Details
-
Subversion's modauthzsvn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible (CVE-2015-3184).
Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz. When a node is copied from an unreadable location to a readable location the unreadable path may be revealed. This vulnerablity only reveals the path, it does not reveal the contents of the path (CVE-2015-3187).
This update also re-enables the java subpackage for the Mageia 5 subversion package (mga#16075).
- References
-
- https://advisories.mageia.org/MGASA-2015-0326.html
- https://bugs.mageia.org/show_bug.cgi?id=16572
- https://bugs.mageia.org/show_bug.cgi?id=16075
- http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
- http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
- http://svn.haxx.se/dev/archive-2015-08/0024.shtml
- http://svn.apache.org/repos/asf/subversion/tags/1.8.14/CHANGES
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / subversion
Package
- Name
- subversion
- Purl
- pkg:rpm/mageia/subversion?distro=mageia-5
Mageia:4 / subversion
Package
- Name
- subversion
- Purl
- pkg:rpm/mageia/subversion?distro=mageia-4