Author: renodr
Date: Wed Feb 10 18:44:49 2021
New Revision: 1712

Log:
Commit security advisory for subversion

Modified:
   html/trunk/blfs/advisories/10.0.html
   html/trunk/blfs/advisories/consolidated.html

Modified: html/trunk/blfs/advisories/10.0.html
==============================================================================
--- html/trunk/blfs/advisories/10.0.html        Wed Feb 10 12:41:52 2021        
(r1711)
+++ html/trunk/blfs/advisories/10.0.html        Wed Feb 10 18:44:49 2021        
(r1712)
@@ -571,6 +571,15 @@
 
 <!-- end of stunnel -->
 
+    <h3>Subversion</h3>
+
+    <h4>10.0 086 Subversion Date: 2021-02-10 Severity: Medium</h4>
+    <p>In Subversion before 1.14.1, there exists a remotely exploitable
+    denial-of-service vulnerability that does not require authentication.
+    This vulnerability can also cause the HTTPD webserver to crash.
+    Update to Subversion-1.14.1 or later.
+    <a href="consolidated.html#10.0-086">10.0-086</a></p>
+
     <h3>Sudo</h3>
 
     <h4>10.0 073 Sudo  Date: 2021-01-26  Severity: Critical</h4>
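Review bot: The affected-version wording in the new summary paragraph ("In Subversion before 1.14.1") does not match the consolidated entry added by this same commit, which names only subversion-1.14.0. Pick one scope and state it the same way in both files so readers on older releases can tell whether they are affected. Two smaller points in the same block: the new heading "10.0 086 Subversion Date: 2021-02-10 Severity: Medium" uses single spaces where the neighbouring Sudo heading uses two before "Date:" and "Severity:", and the section above ends with an "end of stunnel" comment while the new Subversion section has no matching end comment, which should be added if that marker is the file's convention.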

Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html        Wed Feb 10 12:41:52 
2021        (r1711)
+++ html/trunk/blfs/advisories/consolidated.html        Wed Feb 10 18:44:49 
2021        (r1712)
@@ -76,6 +76,20 @@
     replaced or archived). See the gstreamer links re 1.16 for an example of
     linking to a released book (old 10.0) -->
 
+    <a id="10.0-086">
+    <h4>10.0 086 Subversion Date: 2021-02-10  Severity: Medium</h4>
+    <p>In subversion-1.14.0, a security vulnerability was found that will
+    result in a remote unauthenticated denial-of-service. This vulnerability
+    was found in the mod_authz_svn and mod_dav_svn modules, and is a
+    null-pointer dereference caused by attempting to access a non-existent
+    repository. This has been assigned
+    <a 
href="https://security.archlinux.org/CVE-2020-17525";>CVE-2020-17525</a>.</p>
+    <p>To fix this, update to at least Subversion-1.14.1 using the instructions
+    from the development book for
+    <a href="../view/svn/general/subversion.html">Subversion (sysv)</a> or
+    <a href="../view/systemd/general/subversion.html">Subversion 
(systemd)</a>.</p>
+
+    <a id="10.0-085">
     <h4>10.0 085 Libgcrypt  Date: 2021-02-10  Severity: High</h4>
     <p>In Libgcrypt-1.9.0 there is a heap-based buffer overflow. See
     <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-3345";>CVE-2021-3345</a>.</p>
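Review bot: The new anchor `<a id="10.0-086">` is opened and never closed before the `<h4>`, so the inline anchor element is left wrapping the heading and paragraphs that follow. Close it immediately (`<a id="10.0-086"></a>`) or move the id onto the `<h4>` itself. The hunk also adds `<a id="10.0-085">` ahead of the existing Libgcrypt heading in the same unclosed form; that change is not mentioned in the commit log, so note it there or commit it separately. The CVE link for Subversion points to security.archlinux.org while the adjacent Libgcrypt entry links to nvd.nist.gov; using the same reference source for both would keep the advisories consistent.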
-- 
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
