MGASA-2015-0490
- Source
- https://advisories.mageia.org/MGASA-2015-0490.html
- Import Source
- https://advisories.mageia.org/MGASA-2015-0490.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2015-0490
- Related
- Published
- 2015-12-28T19:23:26Z
- Modified
- 2022-03-11T19:48:20Z
- Summary
- Updated subversion packages fix security vulnerabilities
- Details
-
Updated subversion packages fix security vulnerability:
Subversion's httpd servers are vulnerable to a remotely triggerable heap-based buffer overflow and out-of-bounds read caused by an integer overflow when parsing skel-encoded request bodies (CVE-2015-5343).
This allows remote attackers with write access to a repository to cause a denial of service or possibly execute arbitrary code under the context of the httpd process. 32-bit server versions are vulnerable to both the denial-of-service attack and possible arbitrary code execution. 64-bit server versions are only vulnerable to the denial-of-service attack.
- References
-
- https://advisories.mageia.org/MGASA-2015-0490.html
- https://bugs.mageia.org/show_bug.cgi?id=17353
- http://mail-archives.apache.org/mod_mbox/subversion-dev/201512.mbox/%3CCAP_GPNieJGPDbf=nmbSdf+CTMZ=5pREoqwnDNvO80mfAKNaY7Q@mail.gmail.com%3E
- http://svn.apache.org/repos/asf/subversion/tags/1.8.15/CHANGES
- http://subversion.apache.org/security/CVE-2015-5343-advisory.txt
- https://www.debian.org/security/2015/dsa-3424
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / subversion
Package
- Name
- subversion
- Purl
- pkg:rpm/mageia/subversion?distro=mageia-5