Summary: | <dev-vcs/subversion-{1.10.4,1.11.1}: malicious SVN clients can crash mod_dav_svn (CVE-2018-11803) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | polynomial-c, viklevin2 |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://subversion.apache.org/security/CVE-2018-11803-advisory.txt | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | dev-vcs/subversion-1.10.4, dev-libs/libutf8proc-2.2.0_p1-r1, dev-util/netsurf-buildsystem-1.7 | ||
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 674984 |
Description
Hanno Böck
2019-01-23 09:51:02 UTC
(In reply to Hanno Boeck from comment #0)
> See
> https://subversion.apache.org/security/CVE-2018-11803-advisory.txt
>
> Fixed in 1.10.4 and 1.11.1. We already have 1.11.1 in the tree, should it be
> stabilized?

No, I'm gonna add 1.10.4 to the tree today and replace stabilization of 1.10.3 with 1.10.4

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=625515698353fe286516385c7d6c26ae8d3bc0b3

commit 625515698353fe286516385c7d6c26ae8d3bc0b3
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-01-23 11:58:36 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-01-23 12:05:33 +0000

    dev-vcs/subversion: Security bump to version 1.10.4

    Bug: https://bugs.gentoo.org/676094
    Package-Manager: Portage-2.3.58, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 dev-vcs/subversion/Manifest                 |   1 +
 dev-vcs/subversion/subversion-1.10.4.ebuild | 527 ++++++++++++++++++++++++++++
 2 files changed, 528 insertions(+)

sparc stable

amd64 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=053c4ec2d6ea59e671294b3d346122ca52ed66dc

commit 053c4ec2d6ea59e671294b3d346122ca52ed66dc
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-31 18:04:03 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-31 18:04:03 +0000

    dev-vcs/subversion-1.10.4-r0: alpha stable

    Bug: http://bugs.gentoo.org/676094
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-vcs/subversion/subversion-1.10.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6d98b580279056624c3f358e4a1f4786b4b71d0

commit a6d98b580279056624c3f358e4a1f4786b4b71d0
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-31 18:04:03 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-31 18:04:03 +0000

    dev-util/netsurf-buildsystem-1.7-r0: alpha stable

    Bug: http://bugs.gentoo.org/676094
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-util/netsurf-buildsystem/netsurf-buildsystem-1.7.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92a9935e1f08d2324ba25db0ed1fa808bb407f18

commit 92a9935e1f08d2324ba25db0ed1fa808bb407f18
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-31 18:04:03 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-31 18:04:03 +0000

    dev-libs/libutf8proc-2.2.0_p1-r1: alpha stable

    Bug: http://bugs.gentoo.org/676094
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-libs/libutf8proc/libutf8proc-2.2.0_p1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

arm stable

x86 stable

ppc/ppc64 stable

hppa stable

ia64 stable

Oops. security@... reopening.

Summary:
========

Malicious SVN clients can trigger a crash in mod_dav_svn by omitting the
root path from a recursive directory listing request.

Known vulnerable:
=================

Subversion 1.10.0 up to, and including, 1.10.3.
Subversion 1.11.0.

Known fixed:
============

Subversion 1.10.4.
Subversion 1.11.1.

Details:
========

Subversion 1.10.0 introduced server-side support for recursive directory
listing operations. The implementation in mod_dav_svn failed to validate
the root path of the directory listing provided by the client. If the
client omits the root path, mod_dav_svn will dereference an uninitialized
pointer variable and crash the HTTPD worker process handling the request.

This issue was resolved and addressed in
GLSA 201904-08 at https://security.gentoo.org/glsa/201904-08
by GLSA coordinator Aaron Bauman (b-man).

re-opened for cleanup

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64ca050d5c3447f07d0e146a6f52f45c0c532b11

commit 64ca050d5c3447f07d0e146a6f52f45c0c532b11
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-04-15 06:48:10 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-04-15 06:48:10 +0000

    dev-vcs/subversion: Security cleanup

    Bug: https://bugs.gentoo.org/676094
    Closes: https://bugs.gentoo.org/674984
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 dev-vcs/subversion/Manifest                     |   2 -
 .../subversion/files/subversion-1.9.7-kf5.patch | 211 --------
 dev-vcs/subversion/subversion-1.9.7-r1.ebuild   | 531 ---------------------
 3 files changed, 744 deletions(-)
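The advisory excerpt quoted above describes a missing presence check on a client-supplied element (the listing root path) that leaves a pointer unset before it is used. The following C program is an added illustration of that defect class and its fix; it is not Subversion's or mod_dav_svn's code, and every name in it (`listing_request`, `find_elem`, `list_tree_unsafe`, `list_tree_checked`, the element names `root` and `depth`) is hypothetical. The unsafe variant models the missing check as a NULL dereference rather than an uninitialized read so that the checked variant stays fully defined; the operational point is the same: a request the client controls must not be able to reach a pointer use without the server first confirming the element was sent.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy model of a parsed request body: named elements the
 * client may or may not have included. Hypothetical, not Subversion's. */
struct request_elem {
    const char *name;
    const char *value;
};

struct listing_request {
    const struct request_elem *elems;
    size_t count;
};

enum listing_status {
    LISTING_OK = 0,
    LISTING_BAD_REQUEST = 400   /* client omitted a required element */
};

/* Look up an element by name; NULL when the client omitted it. */
static const char *find_elem(const struct listing_request *req,
                             const char *name)
{
    for (size_t i = 0; i < req->count; i++) {
        if (strcmp(req->elems[i].name, name) == 0)
            return req->elems[i].value;
    }
    return NULL;
}

/* Unsafe shape: the root path is taken from the request and used with no
 * presence check. A request that omits "root" crashes the worker handling
 * it. Kept only for contrast; never call it with such a request. */
static enum listing_status list_tree_unsafe(const struct listing_request *req,
                                            size_t *root_len)
{
    const char *root = find_elem(req, "root");
    size_t n = strlen(root);            /* crashes when root == NULL */
    if (root_len)
        *root_len = n;
    return LISTING_OK;
}

/* Hardened shape: validate every client-supplied element before use and
 * reject an absent or empty required element with a client error. */
static enum listing_status list_tree_checked(const struct listing_request *req,
                                             size_t *root_len)
{
    const char *root = find_elem(req, "root");
    if (root == NULL || root[0] == '\0')
        return LISTING_BAD_REQUEST;
    if (root_len)
        *root_len = strlen(root);
    return LISTING_OK;
}

/* Length of the validated root path, or 0 when the request was rejected. */
static size_t checked_root_len(const struct listing_request *req)
{
    size_t n = 0;
    return list_tree_checked(req, &n) == LISTING_OK ? n : 0;
}

/* Constructed sample requests: one well-formed, one with "root" omitted. */
static const struct request_elem good_elems[] = {
    { "root",  "/trunk" },
    { "depth", "infinity" },
};
static const struct request_elem bad_elems[] = {
    { "depth", "infinity" },
};
static const struct listing_request good_req = { good_elems, 2 };
static const struct listing_request bad_req  = { bad_elems, 1 };

int main(void)
{
    size_t n = 0;
    enum listing_status s = list_tree_checked(&good_req, &n);
    printf("checked, well-formed:  status %d, root length %zu\n", (int)s, n);
    s = list_tree_checked(&bad_req, NULL);
    printf("checked, root omitted: status %d (rejected, no crash)\n", (int)s);
    s = list_tree_unsafe(&good_req, &n);
    printf("unsafe, well-formed:   status %d, root length %zu\n", (int)s, n);
    return 0;
}
```

The checked handler is the shape a reviewer should look for in any server-side parser of optional request elements: the lookup result is tested for NULL (and for an empty value) on the same path that uses it, and the failure is reported as a client error rather than left to the process.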