| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | <dev-vcs/subversion-1.7.11 : multiple vulnerabilities (CVE-2013-{1968,2088,2112,4131}) | | |
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | slawomir.nizio, tommy |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/53692/ | | |
| Whiteboard: | C2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-06-03 18:28:23 UTC
From https://secunia.com/advisories/53727/ :

Description
A vulnerability has been reported in Apache Subversion, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to an input validation error in the svn-keyword-check.pl hook script while processing filenames and can be exploited to inject and execute arbitrary shell commands via a specially crafted request.
Successful exploitation requires that contrib scripts are used on the server.
The vulnerability is reported in versions 1.6.22 and prior and versions 1.7.10 and prior.

Solution
Apply fixes. Further details available to Secunia VIM customers

Provided and/or discovered by
The vendor credits Daniel Shahaf, elego Software Solutions

Original Advisory
http://subversion.apache.org/security/CVE-2013-2088-advisory.txt

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.

B3 for the first set, C2 for the second one.

Need a version bump to 1.7.10/1.6.22 and to apply the patch in [1]. The second comment's vulnerability is fixed in 1.7.11/1.6.23, but those are not released yet.

[1] http://svn.apache.org/viewvc?view=revision&revision=1485487

Red Hat bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=970027
https://bugzilla.redhat.com/show_bug.cgi?id=970014
https://bugzilla.redhat.com/show_bug.cgi?id=970037

also: http://subversion.apache.org/security/CVE-2013-4131-advisory.txt

1.7.11 and 1.8.1 have been released.

1.7.11 in tree, no 1.6 update, as we don't have that series in tree

adding arches

Please stabilize: =dev-vcs/subversion-1.7.11
target keywords: alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris

amd64 stable

x86 stable

Stable for HPPA.

alpha stable

arm stable

ia64 stable

ppc64 stable

ppc stable

s390 stable

sh stable

sparc stable

subversion-1.7.11.ebuild has a digest verification problem

```
Calculating dependencies -
 * Digest verification failed:
 *    /usr/portage/dev-vcs/subversion/subversion-1.7.11.ebuild
 * Reason: Filesize does not match recorded size
 * Got: 14633
 * Expected: 14632
```

Manifest issue has been fixed in the meantime, all stable arches done, affected older versions removed

CVE-2013-2112 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2112): The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.

CVE-2013-2088 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2088): contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.

CVE-2013-1968 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1968): Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.

CVE-2013-4131 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4131): The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.

This issue was resolved and addressed in GLSA 201309-11 at http://security.gentoo.org/glsa/glsa-201309-11.xml by GLSA coordinator Sean Amoss (ackle).
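The two hook-visible bug classes in the CVE list above (CVE-2013-2088: a hook script splicing a filename into a shell command; CVE-2013-1968: a newline in a path corrupting an FSFS repository) come down to two habits on the server side. The following is an added example, not code from this bug, from Subversion, or from its contrib/hook-scripts directory: it shows the hardened argv form of an svnlook call, a pre-commit refusal of paths carrying control characters, and a parser for `svnlook changed` output that notices when one path has been printed across two lines. The repository path, transaction name and the `svnlook changed` sample are constructed.

```python
"""Illustrative pre-commit hook checks for the two bug classes named in this
report.  Added example, not Subversion's contrib/hook-scripts code; the
repository path, transaction name and svnlook output below are constructed.

  * CVE-2013-1968 class: a newline in a versioned path corrupts an FSFS
    repository on unpatched servers, so a hook can refuse any path that
    carries a control character.
  * CVE-2013-2088 class: a hook that splices a path into a shell command
    string lets shell metacharacters in that path run commands.  The fix is
    in the hook: pass the path as one argv element and never invoke a shell.
"""
import re
import subprocess
import sys
from typing import Dict, List, Optional, Tuple

# C0 control characters and DEL: never legitimate in a versioned path.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Characters a POSIX shell would interpret if the path were interpolated into
# a command string.  Reported for illustration only; they are legal filenames.
SHELL_META = set(";&|$`<>()*?[]{}~\"'\\ \t\n")
# One line of `svnlook changed` output: a flags field, whitespace, the path.
CHANGED_LINE = re.compile(r"^([ADU_][U_]?)\s+(\S.*)$")

# Constructed sample of `svnlook changed -t TXN REPO` output.  The last path is
# "trunk/bad\nname.txt": line-based output prints it as two lines, which is
# exactly why a hook must not assume that one line equals one path.
SAMPLE_CHANGED = (
    "A   trunk/src/main.c\n"
    "U   trunk/README\n"
    "_U  trunk/docs\n"
    "A   trunk/evil;touch x\n"
    "A   trunk/bad\n"
    "name.txt\n"
)


def svnlook_changed_argv(repo: str, txn: str) -> List[str]:
    """Hardened form: an argv list.  Each element reaches svnlook unchanged,
    so nothing in REPO or TXN can add words or commands."""
    return ["svnlook", "changed", "-t", txn, repo]


def svnlook_cat_argv(repo: str, txn: str, path: str) -> List[str]:
    """Same for `svnlook cat`: PATH is one argument, metacharacters included."""
    return ["svnlook", "cat", "-t", txn, repo, path]


def shell_metacharacters(path: str) -> str:
    """Characters of PATH a shell would interpret (sorted, deduplicated).
    Non-empty means string interpolation of this path would have misbehaved."""
    return "".join(sorted(set(path) & SHELL_META))


def refuse_path(path: str) -> Optional[str]:
    """Reason to refuse the commit, or None.  Only control characters are
    refused; metacharacters are the hook's problem to handle, not the user's."""
    m = CONTROL_CHARS.search(path)
    if m:
        return "control character U+%04X in path" % ord(m.group(0))
    return None


def parse_changed(output: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Split svnlook output into (flags, path) entries plus lines that do not
    look like entries.  A stray line is most likely the tail of a path that
    contains a newline, so the caller should refuse the whole transaction."""
    entries, stray = [], []
    for line in output.splitlines():
        if not line:
            continue
        m = CHANGED_LINE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        else:
            stray.append(line)
    return entries, stray


def review_transaction(changed_output: str) -> Dict[str, object]:
    """Summarise one transaction: paths to refuse, stray output lines, and the
    paths that would have been dangerous under shell interpolation."""
    entries, stray = parse_changed(changed_output)
    paths = [p for _, p in entries]
    return {
        "paths": paths,
        "refuse": [p for p in paths if refuse_path(p)],
        "unparseable": stray,
        "shell_sensitive": {p: shell_metacharacters(p) for p in paths
                            if shell_metacharacters(p)},
    }


def main(argv: List[str]) -> int:
    """Hook entry point: `pre-commit REPO TXN`.  With no arguments, review the
    constructed sample instead of calling svnlook."""
    if len(argv) == 3:
        out = subprocess.run(svnlook_changed_argv(argv[1], argv[2]),
                             capture_output=True, text=True, check=True).stdout
    else:
        out = SAMPLE_CHANGED
    report = review_transaction(out)
    for p in report["refuse"] + report["unparseable"]:
        print("refusing transaction because of %r" % p, file=sys.stderr)
    for p, meta in report["shell_sensitive"].items():
        print("note: %r contains shell-sensitive %r (harmless in argv form)" % (p, meta))
    return 1 if report["refuse"] or report["unparseable"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments it reviews the embedded sample; installed as `hooks/pre-commit` it is invoked by Subversion with the repository path and transaction name. The design point is that the filename with `;` and a space is not refused: it becomes a single argv element and does nothing, whereas the path with an embedded newline is refused both when seen raw and, indirectly, through the stray `name.txt` line that the line-based svnlook output produces.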