|
|
Subscribe / Log in / New account

subversion: two vulnerabilities

Package(s):subversion CVE #(s):CVE-2015-3184 CVE-2015-3187
Created:August 11, 2015 Updated:August 18, 2015
Description: From the Debian advisory:

CVE-2015-3184: Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible. This issue does not affect the oldstable distribution (wheezy) because it only contains Apache httpd 2.2.

CVE-2015-3187: Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz. When a node is copied from an unreadable location to a readable location the unreadable path may be revealed. This vulnerability only reveals the path, it does not reveal the contents of the path.

Alerts:
Gentoo 201610-05 subversion 2016-10-11
openSUSE openSUSE-SU-2015:2363-1 subversion 2015-12-25
Fedora FEDORA-2015-6efa349a85 subversion 2016-02-29
Mageia MGASA-2015-0326 subversion 2015-08-27
Ubuntu USN-2721-1 subversion 2015-08-20
Scientific Linux SLSA-2015:1633-1 subversion 2015-08-17
Oracle ELSA-2015-1633 subversion 2015-08-17
openSUSE openSUSE-SU-2015:1401-1 subversion 2015-08-18
CentOS CESA-2015:1633 subversion 2015-08-17
Debian-LTS DLA-293-1 subversion 2015-08-16
Red Hat RHSA-2015:1633-01 subversion 2015-08-17
Arch Linux ASA-201508-5 subversion 2015-08-14
Debian DSA-3331-1 subversion 2015-08-10
CentOS CESA-2015:1742 subversion 2015-09-08
Scientific Linux SLSA-2015:1742-1 subversion 2015-09-08
Oracle ELSA-2015-1742 subversion 2015-09-08
Red Hat RHSA-2015:1742-01 subversion 2015-09-08
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds