Apache Subversion "mod_authz_svn" Denial of Service Vulnerability
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
subversion (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
An error in the mod_authz_svn module can be exploited to trigger a NULL pointer dereference and subsequently cause a crash via a specially crafted request.
Successful exploitation of this vulnerability requires the Apache HTTPD server to be configured to use an in-repository authz file with certain configuration directives (please see the vendor's advisory for further details).
The vulnerability is reported in versions 1.9.0 through 1.10.6 and 1.11.0 through 1.14.0.
Affected Software
The following software is affected by the described vulnerability. Please check the vendor links below to see if exactly your version is affected.
Apache Subversion 1.x
Solution
Update to version 1.14.1 or 1.10.7.
References
1. https:/
Please take appropriate measures.
CVE References
description: | updated |
information type: | Private Security → Public Security |
Changed in subversion (Ubuntu): | |
status: | New → Confirmed |
What is the process for making Subversion 1.14.1 available to Ubuntu 20.04?
Subversion 1.14 is an LTS release which makes sense for Ubuntu 20.04.