Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0557
subversion:1.10 security update
16 February 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: subversion:1.10
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-17525
Reference: ESB-2021.0550
ESB-2021.0531
Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:0509
https://access.redhat.com/errata/RHSA-2021:0507
https://access.redhat.com/errata/RHSA-2021:0508
Comment: This bulletin contains three (3) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: subversion:1.10 security update
Advisory ID: RHSA-2021:0509-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0509
Issue date: 2021-02-15
CVE Names: CVE-2020-17525
=====================================================================
1. Summary:
An update for the subversion:1.10 module is now available for Red Hat
Enterprise Linux 8.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.
Security Fix(es):
* subversion: Remote unauthenticated denial of service in mod_authz_svn
(CVE-2020-17525)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, for the update to take effect, you
must restart the httpd daemon, if you are using mod_dav_svn, and the
svnserve daemon, if you are serving Subversion repositories via the svn://
protocol.
5. Bugs fixed (https://bugzilla.redhat.com/):
1922303 - CVE-2020-17525 subversion: Remote unauthenticated denial of service in mod_authz_svn
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.1):
Source:
libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.src.rpm
subversion-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.src.rpm
utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.src.rpm
aarch64:
libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm
libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm
libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm
mod_dav_svn-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
mod_dav_svn-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
subversion-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
subversion-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
subversion-debugsource-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
subversion-devel-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
subversion-devel-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
subversion-gnome-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
subversion-gnome-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
subversion-libs-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
subversion-libs-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
subversion-perl-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
subversion-perl-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
subversion-tools-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
subversion-tools-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm
utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm
utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm
noarch:
subversion-javahl-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.noarch.rpm
ppc64le:
libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm
libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm
libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm
mod_dav_svn-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
mod_dav_svn-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
subversion-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
subversion-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
subversion-debugsource-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
subversion-devel-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
subversion-devel-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
subversion-gnome-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
subversion-gnome-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
subversion-libs-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
subversion-libs-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
subversion-perl-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
subversion-perl-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
subversion-tools-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
subversion-tools-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm
utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm
utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm
s390x:
libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm
libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm
libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm
mod_dav_svn-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
mod_dav_svn-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
subversion-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
subversion-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
subversion-debugsource-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
subversion-devel-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
subversion-devel-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
subversion-gnome-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
subversion-gnome-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
subversion-libs-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
subversion-libs-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
subversion-perl-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
subversion-perl-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
subversion-tools-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
subversion-tools-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm
utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm
utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm
x86_64:
libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm
libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm
libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm
mod_dav_svn-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
mod_dav_svn-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
subversion-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
subversion-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
subversion-debugsource-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
subversion-devel-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
subversion-devel-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
subversion-gnome-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
subversion-gnome-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
subversion-libs-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
subversion-libs-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
subversion-perl-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
subversion-perl-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
subversion-tools-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
subversion-tools-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm
utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm
utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-17525
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYCojg9zjgjWX9erEAQiBfBAAnFuXcBN3HvOKYiI7s9r4/BlXedC8NbA5
di1+PyCaiduDYqdVKljWFn+7MmSNBYeV7xgbEJtTn7WoZe3+X1evE1AD3/Yzv0PL
mANDry+zI1MjWtZQJXtOBgI22xR+5CkWRKdNNwA6AvEWBmE8B7aA48Ij6kSnvMZJ
h43DPNfd8VUNLgSxupGb4m6/oyrnOpYQ/EacdKArL63WX2n7ddhFnfkLcyLtjzWL
UnWfaim/o9TZ3+HDLq/lQ/IvX6JNYvi2SgVYFFJjO1p3JbrKF4Fw8l1F5YeOfER8
ZWAFVCaQgDAfK0immTYOL4e0LzPv/pcnhK98dIcieqPWGH+xx7XE+ppnTNnQRmE3
vfWbor/mURjlpKwgxVytJ3Og3agsnpSpbpqud4+4mG0N0uWIsGm09UMl0A9rZNv1
Z3kLFHoIZJUELZwVARZCTS4x2TKdUdGyuzWaUjrqfw7DIvEVT8wxSlkVeDHiXdeJ
/5obxDW1wj/gPTw8JBWBkgwxhkWcTQn57fsYAlyugQkN+UR3HwroRJ8wqVGTaT/P
sWu/O1SENbrkbbg9PeTgKofcuHEuJVqw/TSR+c7PSQR/73BCNZmYJlEchiOLiciQ
gDiwu0cYj1cweNEq4HZKM6Kw7e7Xc2bqhTqX1ViWkcplwcI9nWqRd6CYexwLUVku
zLP8T/zQSuQ=
=GyJx
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: subversion:1.10 security update
Advisory ID: RHSA-2021:0507-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0507
Issue date: 2021-02-15
CVE Names: CVE-2020-17525
=====================================================================
1. Summary:
An update for the subversion:1.10 module is now available for Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.
Security Fix(es):
* subversion: Remote unauthenticated denial of service in mod_authz_svn
(CVE-2020-17525)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, for the update to take effect, you
must restart the httpd daemon, if you are using mod_dav_svn, and the
svnserve daemon, if you are serving Subversion repositories via the svn://
protocol.
5. Bugs fixed (https://bugzilla.redhat.com/):
1922303 - CVE-2020-17525 subversion: Remote unauthenticated denial of service in mod_authz_svn
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
libserf-1.3.9-9.module+el8.3.0+6671+2675c974.src.rpm
subversion-1.10.2-4.module+el8.3.0+9886+ac338b6d.src.rpm
utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.src.rpm
aarch64:
libserf-1.3.9-9.module+el8.3.0+6671+2675c974.aarch64.rpm
libserf-debuginfo-1.3.9-9.module+el8.3.0+6671+2675c974.aarch64.rpm
libserf-debugsource-1.3.9-9.module+el8.3.0+6671+2675c974.aarch64.rpm
mod_dav_svn-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
mod_dav_svn-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
subversion-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
subversion-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
subversion-debugsource-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
subversion-devel-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
subversion-devel-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
subversion-gnome-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
subversion-gnome-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
subversion-libs-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
subversion-libs-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
subversion-perl-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
subversion-perl-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
subversion-tools-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
subversion-tools-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm
utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.aarch64.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.3.0+6671+2675c974.aarch64.rpm
utf8proc-debugsource-2.1.1-5.module+el8.3.0+6671+2675c974.aarch64.rpm
noarch:
subversion-javahl-1.10.2-4.module+el8.3.0+9886+ac338b6d.noarch.rpm
ppc64le:
libserf-1.3.9-9.module+el8.3.0+6671+2675c974.ppc64le.rpm
libserf-debuginfo-1.3.9-9.module+el8.3.0+6671+2675c974.ppc64le.rpm
libserf-debugsource-1.3.9-9.module+el8.3.0+6671+2675c974.ppc64le.rpm
mod_dav_svn-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
mod_dav_svn-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
subversion-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
subversion-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
subversion-debugsource-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
subversion-devel-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
subversion-devel-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
subversion-gnome-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
subversion-gnome-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
subversion-libs-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
subversion-libs-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
subversion-perl-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
subversion-perl-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
subversion-tools-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
subversion-tools-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm
utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.ppc64le.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.3.0+6671+2675c974.ppc64le.rpm
utf8proc-debugsource-2.1.1-5.module+el8.3.0+6671+2675c974.ppc64le.rpm
s390x:
libserf-1.3.9-9.module+el8.3.0+6671+2675c974.s390x.rpm
libserf-debuginfo-1.3.9-9.module+el8.3.0+6671+2675c974.s390x.rpm
libserf-debugsource-1.3.9-9.module+el8.3.0+6671+2675c974.s390x.rpm
mod_dav_svn-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
mod_dav_svn-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
subversion-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
subversion-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
subversion-debugsource-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
subversion-devel-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
subversion-devel-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
subversion-gnome-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
subversion-gnome-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
subversion-libs-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
subversion-libs-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
subversion-perl-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
subversion-perl-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
subversion-tools-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
subversion-tools-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm
utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.s390x.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.3.0+6671+2675c974.s390x.rpm
utf8proc-debugsource-2.1.1-5.module+el8.3.0+6671+2675c974.s390x.rpm
x86_64:
libserf-1.3.9-9.module+el8.3.0+6671+2675c974.x86_64.rpm
libserf-debuginfo-1.3.9-9.module+el8.3.0+6671+2675c974.x86_64.rpm
libserf-debugsource-1.3.9-9.module+el8.3.0+6671+2675c974.x86_64.rpm
mod_dav_svn-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
mod_dav_svn-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
subversion-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
subversion-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
subversion-debugsource-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
subversion-devel-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
subversion-devel-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
subversion-gnome-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
subversion-gnome-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
subversion-libs-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
subversion-libs-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
subversion-perl-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
subversion-perl-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
subversion-tools-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
subversion-tools-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm
utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.x86_64.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.3.0+6671+2675c974.x86_64.rpm
utf8proc-debugsource-2.1.1-5.module+el8.3.0+6671+2675c974.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-17525
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYCoj+9zjgjWX9erEAQhsPBAAg2tLz55p0n/r4eu1mU5gSZBhqQFDAblz
vrh7FpTT+jTYLz4BMJXco9op8Of5x+3QEMkBd+LISx7xUfBJRpEwHvE3e6yNSyGM
tUVqp9RT4TjFq+d0TqR5seqAZHdgGfeQaMIsB1sdhPdbVZTolOpkRXRwqXl65sQJ
61w9cTCOuZ+IjDIAKTKA1wuwNQFDaUve0NShrSOFW2Pwq3p4TDmPi0vYjoLLUSlX
1ZKXT60iOw9TwHZln7BqDyH1q+mZ7BJbuPMakZ+477QzYucHMvEYzv6tykL1tB7T
ggTGrnXGlyLysrOcTHQVBpzwi7wLJRCw0LTjxEVYxSqOqQhml0PgdIXmkD/gnoVc
ab8Qz+chLdI7f7lLdZ5JDOfm+qdSD3ifrEPJCI+ut+F42N0hOsB1qt1p359mbo9r
dKnJjfufUuNX/54/uXhDdmsvISdmRETP1g1/PYBk3xMRL/T7p1egx1Z5z5WgnOOM
0ebVMrdoakuGvQV9yFhN41fIrHGiuR1yC8gl+1eSwzKXerjANmn/6DWGyptMQcZy
7/3GEWCQBa/GpDSE00pm2cDXYaAuJFFW3zAXkW+rJ1JQ278nmQ3SD9pxF1zSfDEn
dZTYWCiPJ+550SyOAml6xyQBT1xqeRW6jikzmQDChJwQhF3qvrjKluL8eFZefgVR
SokSUNqqKqU=
=otDI
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: subversion:1.10 security update
Advisory ID: RHSA-2021:0508-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0508
Issue date: 2021-02-15
CVE Names: CVE-2020-17525
=====================================================================
1. Summary:
An update for the subversion:1.10 module is now available for Red Hat
Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.
Security Fix(es):
* subversion: Remote unauthenticated denial of service in mod_authz_svn
(CVE-2020-17525)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, for the update to take effect, you
must restart the httpd daemon, if you are using mod_dav_svn, and the
svnserve daemon, if you are serving Subversion repositories via the svn://
protocol.
5. Bugs fixed (https://bugzilla.redhat.com/):
1922303 - CVE-2020-17525 subversion: Remote unauthenticated denial of service in mod_authz_svn
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.2):
Source:
libserf-1.3.9-9.module+el8.2.0+9887+08558108.src.rpm
subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.src.rpm
utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.src.rpm
aarch64:
libserf-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm
libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm
libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm
mod_dav_svn-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
mod_dav_svn-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
subversion-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
subversion-debugsource-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
subversion-devel-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
subversion-devel-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
subversion-gnome-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
subversion-gnome-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
subversion-libs-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
subversion-libs-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
subversion-perl-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
subversion-perl-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
subversion-tools-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
subversion-tools-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm
utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm
utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm
noarch:
subversion-javahl-1.10.2-2.module+el8.2.0+9887+08558108.1.noarch.rpm
ppc64le:
libserf-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm
libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm
libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm
mod_dav_svn-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
mod_dav_svn-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
subversion-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
subversion-debugsource-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
subversion-devel-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
subversion-devel-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
subversion-gnome-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
subversion-gnome-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
subversion-libs-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
subversion-libs-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
subversion-perl-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
subversion-perl-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
subversion-tools-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
subversion-tools-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm
utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm
utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm
s390x:
libserf-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm
libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm
libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm
mod_dav_svn-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
mod_dav_svn-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
subversion-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
subversion-debugsource-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
subversion-devel-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
subversion-devel-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
subversion-gnome-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
subversion-gnome-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
subversion-libs-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
subversion-libs-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
subversion-perl-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
subversion-perl-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
subversion-tools-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
subversion-tools-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm
utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm
utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm
x86_64:
libserf-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm
libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm
libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm
mod_dav_svn-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
mod_dav_svn-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
subversion-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
subversion-debugsource-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
subversion-devel-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
subversion-devel-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
subversion-gnome-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
subversion-gnome-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
subversion-libs-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
subversion-libs-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
subversion-perl-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
subversion-perl-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
subversion-tools-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
subversion-tools-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm
utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm
utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm
utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-17525
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYColqdzjgjWX9erEAQiiRw//TJPiOaI4zGJNe3l0gcV3wXzszp3xk1zv
0pZ0vIvTSWIFU0i/8w900zow9Uezwu2UDSEaE+DtTovQP0SES/l11nb98WBbJW/w
5UohRmx1dWhnwRlN4kfDF5/KXUCUU6WfNQdsHD6uZm12exHOpID3wW6TiWR63BYE
b88oE9rRGPSwnJUx6VK21EeyKz3gP34gQdp8mO/CxbQV0cwAHQvlL7nedc9ALIFt
cY8HhkS80ne0IezWSceQoDlu9x+3jfmfPclPRyi/J6zwvNn5HaMGRgGpSoPBY3WZ
A6b/WHJzlEHJSlJfavqRvnM4BTkI9V6e7eQaBYVzqCftXunaJoCukdNC26H4VCZx
ujFlXdnqzgTPU4sHPnOXZ51IAXxTw6Ax8jkxcyEvtPa8M7/zilyHu+aI/b1s2XMc
X7oUpUuis5kGiSyke7L66FpTTqy5EOeVG5D01MYGZMG7BHQTMpfnCeBt5CqfPaDg
9JmTFn58qh71kjD086xB2PcIg6sVrFSQVjlX0W43VefRqEJlPqaEa1DyHToOslW7
1YPtlAwoVBY/7TLXy+ux+QqzEDAPTDCD/9iY5Lvr90OHeeOA9Vpcgo1x1BG3vyAr
xWOZczDosZk8hSqr5GNkx3nXRDhWJkxZuoe9uB6K0r6Y8LldhzOj8EgmUzg9odxa
OlKnD2X9da0=
=K/qI
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYCsRr+NLKJtyKPYoAQjxMQ//YWtI9aXbuqwmHximX/UBx8Dpvkr0WRuD
YhT7Mr/ZYOAbryCrTbqnA+pn0Wx2TI6N6VftsQjtHdYuvMRM0nQr0SIVcG3iu6i2
B4I3YP41VD5TGmvEQxSDnRsyvMoIwCYUfg2H7gbC12BU53Evga4H1wNTpf6WbZVn
UIfvq8USBTCLCFjdyCtrZNxZmrGF0OC8Gl4V6d1vkPy1oC610aYAD3xkR2gQNVjv
GmscrGQmWcGhKYaSzBIp/ANV9/B1yWsbwDtWyHL8Qw9UEjOspnkOx4zrt0+FF+yW
ND+IQzmVkdgGH9AAQmCy/JqzepFgzDpTD1/e4Gvx5mC3Lei87hsHlMduw7Gks1DZ
7YHmLPRVvpmA104216OGB5I3Z5E1qQEPjR5eCnOYWxAcSL4yawJ6a0SfAg7k1PPA
9cjLu4+lHzed86+/0Ke/d32yfiBMIW/gYusIgXwduTvQt/5WqPvnCIG50ao1Q0Z7
dbT+gRMXg2lUhf3DP1aoz7W4qi7r9Mt5KDJCXZYl/RLpSQU9+sqKQBmSB6tYijwv
0I8A/XT4lvmES/bxE5xekzvVqB2GisfiyDBrZTD+gtL1UKWjK2nuZtXctXBFwxoj
YLkwfGeYfAkC1HZJLOR14tBINFc6NK22en9KEtCX+jPjjicByh20q4MpPzqj3IcH
nJjnjmL4yP8=
=+cEJ
-----END PGP SIGNATURE-----