UBUNTU-CVE-2014-3522
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2014-3522
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3522.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-3522
- Related
- Published
- 2014-08-12T00:00:00Z
- Modified
- 2014-08-12T00:00:00Z
- Summary
- [none]
- Details
-
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
- References
Affected packages
Ubuntu:14.04:LTS / subversion
Package
- Name
- subversion
- Purl
- pkg:deb/ubuntu/subversion@1.8.8-1ubuntu3.1?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.8-1ubuntu3.1
Affected versions
1.*
1.7.9-1+nmu6ubuntu3
1.7.13-2ubuntu1
1.7.13-2ubuntu2
1.7.13-2ubuntu3
1.7.14-1ubuntu2
1.8.5-2ubuntu3
1.8.8-1ubuntu2
1.8.8-1ubuntu3
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"libsvn-java": "1.8.8-1ubuntu3.1",
"libsvn-perl": "1.8.8-1ubuntu3.1",
"libsvn1": "1.8.8-1ubuntu3.1",
"subversion": "1.8.8-1ubuntu3.1",
"subversion-dbg": "1.8.8-1ubuntu3.1",
"ruby-svn": "1.8.8-1ubuntu3.1",
"python-subversion": "1.8.8-1ubuntu3.1",
"subversion-tools": "1.8.8-1ubuntu3.1",
"libsvn-ruby1.8": "1.8.8-1ubuntu3.1",
"libapache2-svn": "1.8.8-1ubuntu3.1",
"libapache2-mod-svn": "1.8.8-1ubuntu3.1",
"libsvn-doc": "1.8.8-1ubuntu3.1",
"libsvn-dev": "1.8.8-1ubuntu3.1",
"python-subversion-dbg": "1.8.8-1ubuntu3.1"
}
]
}