[Bug 1915698] Re: Apache Subversion "mod_authz_svn" Denial of Service Vulnerability
Eduardo Barretto
1915698 at bugs.launchpad.net
Tue Apr 20 12:50:59 UTC 2021
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is available, members of the security team will review it and
publish the package. See the following link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to subversion in Ubuntu.
https://bugs.launchpad.net/bugs/1915698
Title:
Apache Subversion "mod_authz_svn" Denial of Service Vulnerability
Status in subversion package in Ubuntu:
Confirmed
Bug description:
An error in the mod_authz_svn module can be exploited to trigger a
NULL pointer dereference and subsequently cause a crash via a
specially crafted request.
Successful exploitation of this vulnerability requires the Apache
HTTPD server to be configured to use an in-repository authz file with
certain configuration directives (please see the vendor's advisory for
further details).
The vulnerability is reported in versions 1.9.0 through 1.10.6 and
1.11.0 through 1.14.0.
Affected Software
The following software is affected by the described vulnerability.
Please check the vendor links below to see if exactly your version is
affected.
Apache Subversion 1.x
Solution
Update to version 1.14.1 or 1.10.7.
References
1. https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
<https://subversion.apache.org/security/CVE-2020-17525-advisory.txt>
Please take appropriate measures.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/1915698/+subscriptions
More information about the foundations-bugs
mailing list