[Bug 1915698] Re: Apache Subversion "mod_authz_svn" Denial of Service Vulnerability
Seth Arnold
1915698 at bugs.launchpad.net
Thu Feb 18 01:59:40 UTC 2021
** Information type changed from Private Security to Public Security
** Changed in: subversion (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to subversion in Ubuntu.
https://bugs.launchpad.net/bugs/1915698
Title:
Apache Subversion "mod_authz_svn" Denial of Service Vulnerability
Status in subversion package in Ubuntu:
Confirmed
Bug description:
An error in the mod_authz_svn module can be exploited to trigger a
NULL pointer dereference and subsequently cause a crash via a
specially crafted request.
Successful exploitation of this vulnerability requires the Apache
HTTPD server to be configured to use an in-repository authz file with
certain configuration directives (please see the vendor's advisory for
further details).
The vulnerability is reported in versions 1.9.0 through 1.10.6 and
1.11.0 through 1.14.0.
Affected Software
The following software is affected by the described vulnerability.
Please check the vendor links below to see if exactly your version is
affected.
Apache Subversion 1.x
Solution
Update to version 1.14.1 or 1.10.7.
References
1. https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
<https://subversion.apache.org/security/CVE-2020-17525-advisory.txt>
Please take appropriate measures.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/1915698/+subscriptions
More information about the foundations-bugs
mailing list