|
|
Log in / Subscribe / Register

Ubuntu alert USN-7818-2 (subversion)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7818-2] Apache Subversion vulnerability


Date:
              Thu, 16 Oct 2025 13:33:23 +0000


Message-ID:
              <E1v9O6d-0002vn-Vf@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7818-2
October 16, 2025

subversion vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Apache Subversion could be made to crash if it opened a specially crafted
file.

Software Description:
- subversion: Advanced version control system

Details:

USN-7818-1 fixed vulnerabilities in Apache Subversion. This update provides
the corresponding update for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu
22.04 LTS, and Ubuntu 24.04 LTS.

Original advisory details:

 It was discovered that Apache Subversion incorrectly parsed control
 characters in filenames. An attacker could possibly use this issue to
 commit a corrupted revision to a repository, leading to a denial of
 service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  subversion                      1.14.3-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  subversion                      1.14.1-3ubuntu0.22.04.1+esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  subversion                      1.13.0-3ubuntu0.2+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  subversion                      1.9.7-4ubuntu1.1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7818-2
  https://ubuntu.com/security/notices/USN-7818-1
  CVE-2024-46901




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmjw874ACgkQcpJm3tlz
hgHPOg//a4qYs/boUJ4o9iYfJMK3+TkgH9sVzeOpSkAvUL5z5ynFFWvaENFLRwuW
IKX/HafWBI/QT34DVAe1WBYBbI7IbDdK9vHDHYV2Vg7QR8nBubl6baUQlIA4MlEH
mvYChsR/jncn8RkC3hQK9bVqcfY4Tbhf6ODBVKysfJve9BtKYOpfencRk9mRI4Ct
EBoFYIG4zf/y9eMN8/njQD4vww9PF01PMCI2xwcPpWRlzlCqiKUrTweDnjpOdiWo
0COCzzKR2WMHfvZ0BZp0CPKN5H4XsJxoCT4aFuhhhvdwHRPOw7HCKPRJna/0xx63
g+R3kkBDG3nX6gICiujrBzF9Bxsm5sCkTpMvD6uuFsE/VGTiiFAade+YNXUcUWvi
/nhGlCSZx12ALSL2FuZx1Vxqrbh8cJteyPVXCdmWMv4DOfUCCsTCxEWZSX2kq7oI
GShYtLzj1iSyfJgwxGg2W23jnZUrKNFCm8ZnFo0YVXpJIkcgjIf/fy0QaVJXIj7A
TJ5iT20yo/ucQwkuYrrSWZ/NP2uz9h8vdhQnn7zoTBBeKUh7qoiCxu4MfDwCRie+
ANnmXQR/QoO6dcQu0MwAKF5oZqVH3tI8hUbhi0fc3TGZNPVLGYpHK+BQFE36Hcfw
ci2iR/Gb6NpYrVEJJ32WJGfYkNn0UuyI85NeKEIAQd1xCfogbIs=
=jkIT
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds