[SECURITY] [DSA 4851-1] subversion security update














-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4851-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 13, 2021                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : subversion
CVE ID         : CVE-2020-17525
Debian Bug     : 982464

Thomas Akesson discovered a remotely triggerable vulnerability in the
mod_authz_svn module in Subversion, a version control system. When using
in-repository authz rules with the AuthzSVNReposRelativeAccessFile
option an unauthenticated remote client can take advantage of this flaw
to cause a denial of service by sending a request for a non-existing
repository URL.

For the stable distribution (buster), this problem has been fixed in
version 1.10.4-1+deb10u2.

We recommend that you upgrade your subversion packages.

For the detailed security status of subversion please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/subversion

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAnuNtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TEgQ/7B/Q1myqwz2fbhOoIJBhhUj5h1rOumY75313o4oVie9DO2Wfdq8orjdW4
vq3XLFfdcGyrfrP+QpcKBLP9042o5YNvm7zMEQ4aABnsudEC5m18McJpzrPTB50H
i2l0SBG0KTffRNziXmumqDZK/hiev9BDIBTi+MrX7aA6x6mHJHfHsq2YiLj0vluU
ap240iT4Ds/0x8Gly0zPjcCWvtWVOfyvwSX9MIeNn7RpcyhXKysm++/fEwmmAkj8
Uu4toxIWzFB51lMxUkzjeIFhJlIvjYThcQ2ppSuocozTUUdVwSQfqO/HqxzzanoP
fbUqdNuJ4pEaw1XbOkrUlvwznxXZJu2tHhwk8QQHwFjGAvis1egoDjbznAwmQLeL
t82P/pBjcIMpbyusUGQ4d8m4RLGw/sFQUOJL9VkmdbokK3bZCf0MmwCC1dQQOhtP
fDlnGdmvnVNjS0w/TdcVtXnf/9osY4+cHurQIAikRbesRRy0+GU7uwsMc7xbrHYJ
CNJq4lkwyqhpcGTg3FIg76xtyVSnPRRptEFoh41ORxLOxpJ6YnC9MwkgQOWsjNUG
n41adApEDGCHKuxBsu3oCDMnSal+zeK9i9sQHQMJl0myaRHbeRnPH2qXpO1/OAuI
O16w2Jt+eF2OzQC2Nkr2fq9BZxv5tstsxeZqCPPE2YHfArAvkHg=
=vgyS
-----END PGP SIGNATURE-----




Reply to:










Source link

Is your business effected by Cyber Crime?

If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.

Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/

Europe +31558448040
UK +44 20 8089 9944
ASIA +85239733884