Ubuntu Security Notice 3388-2 - USN-3388-1 fixed several vulnerabilities in Subversion. This update provides the corresponding update for Ubuntu 12.04 ESM. Ivan Zhakov discovered that Subversion did not properly handle some requests. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.
a687e5391fa1b5969d8465cd6fe1b7abad9ba098f227067976e565ef0aebea20Apple Security Advisory 2017-09-19-3 - Xcode 9 is now available and addresses code execution and various other vulnerabilities.
b323f39eaec8eb4fc3557dbe54e6dc9f0deb4ab6e1e1465cd32b69c5e7ba3a49Gentoo Linux Security Advisory 201709-9 - A command injection vulnerability in Subversion may allow remote attackers to execute arbitrary code. Versions less than 1.9.7 are affected.
71ad2e3ea855a8a91408fb8dc7d0efea59a1c6f92a7d8dacb8134433f2085bb4SourceTree suffers from multiple remote code execution vulnerabilities that can be triggered via hostile repositories being checked in. SourceTree for macOS versions prior to 2.6.1 and SourceTree for Windows versions prior to 2.1.10 are affected.
1e50b9884995c5b9c544b4aa24ba0de7ea8f777b919770ce1a23e318b7d2c761Red Hat Security Advisory 2017-2480-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: A shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action on a malicious repository, or a legitimate repository containing a malicious commit.
df291b510e9dfcfc2d41578aecfc04746ad24357f66177f386b938dbfe619a0fDebian Linux Security Advisory 3932-1 - Several problems were discovered in Subversion, a centralized version control system.
a1bdde86fa5407458eda66de508e4072a37aa16fa1bdedce2c8ce794840af2d4Apache Subversion has released version 1.9.7 which addresses an arbitrary code execution vulnerability.
585a9fde58f7e2538f6923e554f14c1d32f0baf2b51e326916874d231c289c2bUbuntu Security Notice 3388-1 - Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. Daniel Shahaf and James McCoy discovered that Subversion did not properly verify realms when using Cyrus SASL authentication. A remote attacker could use this to possibly bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
afb947313ea3b2743fc9ec546b5a4c8ac5e42c19227852d40f19315d56ae31a2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed