Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 676094 (CVE-2018-11803) - <dev-vcs/subversion-{1.10.4,1.11.1}: malicious SVN clients can crash mod_dav_svn (CVE-2018-11803)
Summary: <dev-vcs/subversion-{1.10.4,1.11.1}: malicious SVN clients can crash mod_dav_...
Status: RESOLVED FIXED
Alias: CVE-2018-11803
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://subversion.apache.org/securit...
Whiteboard: B3 [glsa+ cve]
Keywords:
Depends on:
Blocks: 674984
  Show dependency tree
 
Reported: 2019-01-23 09:51 UTC by Hanno Böck
Modified: 2019-04-15 07:06 UTC (History)
2 users (show)

See Also:
Package list:
dev-vcs/subversion-1.10.4 dev-libs/libutf8proc-2.2.0_p1-r1 dev-util/netsurf-buildsystem-1.7
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2019-01-23 09:51:02 UTC
See
https://subversion.apache.org/security/CVE-2018-11803-advisory.txt

Fixed in 1.10.4 and 1.11.1. We already have 1.11.1 in the tree, should it be stabilized?
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2019-01-23 10:50:32 UTC
(In reply to Hanno Boeck from comment #0)
> See
> https://subversion.apache.org/security/CVE-2018-11803-advisory.txt
> 
> Fixed in 1.10.4 and 1.11.1. We already have 1.11.1 in the tree, should it be
> stabilized?

No, I gonna add 1.10.4 to the tree today and replace stabilization of 1.10.3 with 1.10.4
Comment 2 Larry the Git Cow gentoo-dev 2019-01-23 12:05:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=625515698353fe286516385c7d6c26ae8d3bc0b3

commit 625515698353fe286516385c7d6c26ae8d3bc0b3
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-01-23 11:58:36 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-01-23 12:05:33 +0000

    v-vcs/subversion: Security bump to version 1.10.4
    
    Bug: https://bugs.gentoo.org/676094
    Package-Manager: Portage-2.3.58, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 dev-vcs/subversion/Manifest                 |   1 +
 dev-vcs/subversion/subversion-1.10.4.ebuild | 527 ++++++++++++++++++++++++++++
 2 files changed, 528 insertions(+)
Comment 3 Rolf Eike Beer archtester 2019-01-27 11:24:46 UTC
sparc stable
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-01-27 19:44:30 UTC
amd64 stable
Comment 5 Larry the Git Cow gentoo-dev 2019-01-31 18:04:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=053c4ec2d6ea59e671294b3d346122ca52ed66dc

commit 053c4ec2d6ea59e671294b3d346122ca52ed66dc
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-31 18:04:03 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-31 18:04:03 +0000

    dev-vcs/subversion-1.10.4-r0: alpha stable
    
    Bug: http://bugs.gentoo.org/676094
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-vcs/subversion/subversion-1.10.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6d98b580279056624c3f358e4a1f4786b4b71d0

commit a6d98b580279056624c3f358e4a1f4786b4b71d0
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-31 18:04:03 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-31 18:04:03 +0000

    dev-util/netsurf-buildsystem-1.7-r0: alpha stable
    
    Bug: http://bugs.gentoo.org/676094
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-util/netsurf-buildsystem/netsurf-buildsystem-1.7.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92a9935e1f08d2324ba25db0ed1fa808bb407f18

commit 92a9935e1f08d2324ba25db0ed1fa808bb407f18
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-31 18:04:03 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-31 18:04:03 +0000

    dev-libs/libutf8proc-2.2.0_p1-r1: alpha stable
    
    Bug: http://bugs.gentoo.org/676094
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-libs/libutf8proc/libutf8proc-2.2.0_p1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 6 Markus Meier gentoo-dev 2019-01-31 20:20:46 UTC
arm stable
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2019-02-15 18:21:59 UTC
x86 stable
Comment 8 Matt Turner gentoo-dev 2019-03-17 21:37:08 UTC
ppc/ppc64 stable
Comment 9 Rolf Eike Beer archtester 2019-03-20 19:47:47 UTC
hppa stable
Comment 10 Matt Turner gentoo-dev 2019-03-21 22:34:10 UTC
ia64 stable
Comment 11 Matt Turner gentoo-dev 2019-03-21 22:34:29 UTC
Oops. security@... reopening.
Comment 12 Yury German Gentoo Infrastructure gentoo-dev 2019-03-22 00:07:05 UTC
Summary:
========

  Malicious SVN clients can trigger a crash in mod_dav_svn by omitting
  the root path from a recursive directory listing request.

Known vulnerable:
=================

 Subversion 1.10.0 up to, and including, 1.10.3.
 Subversion 1.11.0.

Known fixed:
============

  Subversion 1.10.4.
  Subversion 1.11.1.

Details:
========

  Subversion 1.10.0 introduced server-side support for recursive directory
  listing operations. The implementation in mod_dav_svn failed to validate
  the root path of the directory listing provided by the client. If the
  client omits the root path, mod_dav_svn will deference an uninitialized
  pointer variable and crash the HTTPD worker process handling the request.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2019-04-02 04:36:53 UTC
This issue was resolved and addressed in
 GLSA 201904-08 at https://security.gentoo.org/glsa/201904-08
by GLSA coordinator Aaron Bauman (b-man).
Comment 14 Aaron Bauman (RETIRED) gentoo-dev 2019-04-02 04:37:31 UTC
re-opened for cleanup
Comment 15 Larry the Git Cow gentoo-dev 2019-04-15 06:48:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64ca050d5c3447f07d0e146a6f52f45c0c532b11

commit 64ca050d5c3447f07d0e146a6f52f45c0c532b11
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-04-15 06:48:10 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-04-15 06:48:10 +0000

    dev-vcs/subversion: Security cleanup
    
    Bug: https://bugs.gentoo.org/676094
    Closes: https://bugs.gentoo.org/674984
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 dev-vcs/subversion/Manifest                        |   2 -
 .../subversion/files/subversion-1.9.7-kf5.patch    | 211 --------
 dev-vcs/subversion/subversion-1.9.7-r1.ebuild      | 531 ---------------------
 3 files changed, 744 deletions(-)