Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2013-269)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.120466

Kategorie: Amazon Linux Local Security Checks

Titel: Amazon Linux: Security Advisory (ALAS-2013-269)

Zusammenfassung: The remote host is missing an update for the 'subversion' package(s) announced via the ALAS-2013-269 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'subversion' package(s) announced via the ALAS-2013-269 advisory.

Vulnerability Insight:
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.

The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.

Affected Software/OS:
'subversion' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-4505
http://osvdb.org/100364
http://secunia.com/advisories/55855
SuSE Security Announcement: openSUSE-SU-2013:1836 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html
SuSE Security Announcement: openSUSE-SU-2013:1860 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4558
100363
http://osvdb.org/100363
http://subversion.apache.org/security/CVE-2013-4558-advisory.txt
https://bugzilla.redhat.com/show_bug.cgi?id=1033431
https://github.com/apache/subversion/commit/2c77c43e4255555f3b79f761f0d141393a3856cc
https://github.com/apache/subversion/commit/647e3f8365a74831bb915f63793b63e31fae062d
openSUSE-SU-2013:1836
openSUSE-SU-2013:1860

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.120466
Kategorie:	Amazon Linux Local Security Checks
Titel:	Amazon Linux: Security Advisory (ALAS-2013-269)
Zusammenfassung:	The remote host is missing an update for the 'subversion' package(s) announced via the ALAS-2013-269 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'subversion' package(s) announced via the ALAS-2013-269 advisory. Vulnerability Insight: The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /. Affected Software/OS: 'subversion' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4505 http://osvdb.org/100364 http://secunia.com/advisories/55855 SuSE Security Announcement: openSUSE-SU-2013:1836 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html SuSE Security Announcement: openSUSE-SU-2013:1860 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4558 100363 http://osvdb.org/100363 http://subversion.apache.org/security/CVE-2013-4558-advisory.txt https://bugzilla.redhat.com/show_bug.cgi?id=1033431 https://github.com/apache/subversion/commit/2c77c43e4255555f3b79f761f0d141393a3856cc https://github.com/apache/subversion/commit/647e3f8365a74831bb915f63793b63e31fae062d openSUSE-SU-2013:1836 openSUSE-SU-2013:1860
Copyright	Copyright (C) 2015 Greenbone AG