Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0557 subversion:1.10 security update 16 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: subversion:1.10 Publisher: Red Hat Operating System: Red Hat Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-17525 Reference: ESB-2021.0550 ESB-2021.0531 Original Bulletin: https://access.redhat.com/errata/RHSA-2021:0509 https://access.redhat.com/errata/RHSA-2021:0507 https://access.redhat.com/errata/RHSA-2021:0508 Comment: This bulletin contains three (3) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: subversion:1.10 security update Advisory ID: RHSA-2021:0509-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0509 Issue date: 2021-02-15 CVE Names: CVE-2020-17525 ===================================================================== 1. Summary: An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix(es): * subversion: Remote unauthenticated denial of service in mod_authz_svn (CVE-2020-17525) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. 5. Bugs fixed (https://bugzilla.redhat.com/): 1922303 - CVE-2020-17525 subversion: Remote unauthenticated denial of service in mod_authz_svn 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): Source: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.src.rpm subversion-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.src.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.src.rpm aarch64: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm mod_dav_svn-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm mod_dav_svn-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm subversion-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm subversion-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm subversion-debugsource-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm subversion-devel-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm subversion-devel-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm subversion-gnome-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm subversion-gnome-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm subversion-libs-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm subversion-libs-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm subversion-perl-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm subversion-perl-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm subversion-tools-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm subversion-tools-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.aarch64.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm noarch: subversion-javahl-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.noarch.rpm ppc64le: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm mod_dav_svn-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm mod_dav_svn-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm subversion-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm subversion-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm subversion-debugsource-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm subversion-devel-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm subversion-devel-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm subversion-gnome-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm subversion-gnome-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm subversion-libs-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm subversion-libs-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm subversion-perl-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm subversion-perl-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm subversion-tools-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm subversion-tools-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.ppc64le.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm s390x: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm mod_dav_svn-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm mod_dav_svn-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm subversion-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm subversion-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm subversion-debugsource-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm subversion-devel-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm subversion-devel-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm subversion-gnome-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm subversion-gnome-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm subversion-libs-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm subversion-libs-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm subversion-perl-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm subversion-perl-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm subversion-tools-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm subversion-tools-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.s390x.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm x86_64: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm mod_dav_svn-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm mod_dav_svn-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm subversion-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm subversion-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm subversion-debugsource-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm subversion-devel-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm subversion-devel-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm subversion-gnome-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm subversion-gnome-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm subversion-libs-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm subversion-libs-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm subversion-perl-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm subversion-perl-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm subversion-tools-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm subversion-tools-debuginfo-1.10.2-2.module+el8.1.0+9889+0a9c19c4.1.x86_64.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-17525 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYCojg9zjgjWX9erEAQiBfBAAnFuXcBN3HvOKYiI7s9r4/BlXedC8NbA5 di1+PyCaiduDYqdVKljWFn+7MmSNBYeV7xgbEJtTn7WoZe3+X1evE1AD3/Yzv0PL mANDry+zI1MjWtZQJXtOBgI22xR+5CkWRKdNNwA6AvEWBmE8B7aA48Ij6kSnvMZJ h43DPNfd8VUNLgSxupGb4m6/oyrnOpYQ/EacdKArL63WX2n7ddhFnfkLcyLtjzWL UnWfaim/o9TZ3+HDLq/lQ/IvX6JNYvi2SgVYFFJjO1p3JbrKF4Fw8l1F5YeOfER8 ZWAFVCaQgDAfK0immTYOL4e0LzPv/pcnhK98dIcieqPWGH+xx7XE+ppnTNnQRmE3 vfWbor/mURjlpKwgxVytJ3Og3agsnpSpbpqud4+4mG0N0uWIsGm09UMl0A9rZNv1 Z3kLFHoIZJUELZwVARZCTS4x2TKdUdGyuzWaUjrqfw7DIvEVT8wxSlkVeDHiXdeJ /5obxDW1wj/gPTw8JBWBkgwxhkWcTQn57fsYAlyugQkN+UR3HwroRJ8wqVGTaT/P sWu/O1SENbrkbbg9PeTgKofcuHEuJVqw/TSR+c7PSQR/73BCNZmYJlEchiOLiciQ gDiwu0cYj1cweNEq4HZKM6Kw7e7Xc2bqhTqX1ViWkcplwcI9nWqRd6CYexwLUVku zLP8T/zQSuQ= =GyJx - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: subversion:1.10 security update Advisory ID: RHSA-2021:0507-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0507 Issue date: 2021-02-15 CVE Names: CVE-2020-17525 ===================================================================== 1. Summary: An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix(es): * subversion: Remote unauthenticated denial of service in mod_authz_svn (CVE-2020-17525) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. 5. Bugs fixed (https://bugzilla.redhat.com/): 1922303 - CVE-2020-17525 subversion: Remote unauthenticated denial of service in mod_authz_svn 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: libserf-1.3.9-9.module+el8.3.0+6671+2675c974.src.rpm subversion-1.10.2-4.module+el8.3.0+9886+ac338b6d.src.rpm utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.src.rpm aarch64: libserf-1.3.9-9.module+el8.3.0+6671+2675c974.aarch64.rpm libserf-debuginfo-1.3.9-9.module+el8.3.0+6671+2675c974.aarch64.rpm libserf-debugsource-1.3.9-9.module+el8.3.0+6671+2675c974.aarch64.rpm mod_dav_svn-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm mod_dav_svn-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm subversion-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm subversion-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm subversion-debugsource-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm subversion-devel-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm subversion-devel-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm subversion-gnome-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm subversion-gnome-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm subversion-libs-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm subversion-libs-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm subversion-perl-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm subversion-perl-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm subversion-tools-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm subversion-tools-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.aarch64.rpm utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.aarch64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.3.0+6671+2675c974.aarch64.rpm utf8proc-debugsource-2.1.1-5.module+el8.3.0+6671+2675c974.aarch64.rpm noarch: subversion-javahl-1.10.2-4.module+el8.3.0+9886+ac338b6d.noarch.rpm ppc64le: libserf-1.3.9-9.module+el8.3.0+6671+2675c974.ppc64le.rpm libserf-debuginfo-1.3.9-9.module+el8.3.0+6671+2675c974.ppc64le.rpm libserf-debugsource-1.3.9-9.module+el8.3.0+6671+2675c974.ppc64le.rpm mod_dav_svn-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm mod_dav_svn-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm subversion-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm subversion-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm subversion-debugsource-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm subversion-devel-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm subversion-devel-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm subversion-gnome-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm subversion-gnome-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm subversion-libs-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm subversion-libs-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm subversion-perl-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm subversion-perl-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm subversion-tools-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm subversion-tools-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.ppc64le.rpm utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.ppc64le.rpm utf8proc-debuginfo-2.1.1-5.module+el8.3.0+6671+2675c974.ppc64le.rpm utf8proc-debugsource-2.1.1-5.module+el8.3.0+6671+2675c974.ppc64le.rpm s390x: libserf-1.3.9-9.module+el8.3.0+6671+2675c974.s390x.rpm libserf-debuginfo-1.3.9-9.module+el8.3.0+6671+2675c974.s390x.rpm libserf-debugsource-1.3.9-9.module+el8.3.0+6671+2675c974.s390x.rpm mod_dav_svn-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm mod_dav_svn-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm subversion-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm subversion-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm subversion-debugsource-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm subversion-devel-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm subversion-devel-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm subversion-gnome-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm subversion-gnome-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm subversion-libs-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm subversion-libs-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm subversion-perl-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm subversion-perl-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm subversion-tools-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm subversion-tools-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.s390x.rpm utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.s390x.rpm utf8proc-debuginfo-2.1.1-5.module+el8.3.0+6671+2675c974.s390x.rpm utf8proc-debugsource-2.1.1-5.module+el8.3.0+6671+2675c974.s390x.rpm x86_64: libserf-1.3.9-9.module+el8.3.0+6671+2675c974.x86_64.rpm libserf-debuginfo-1.3.9-9.module+el8.3.0+6671+2675c974.x86_64.rpm libserf-debugsource-1.3.9-9.module+el8.3.0+6671+2675c974.x86_64.rpm mod_dav_svn-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm mod_dav_svn-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm subversion-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm subversion-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm subversion-debugsource-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm subversion-devel-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm subversion-devel-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm subversion-gnome-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm subversion-gnome-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm subversion-libs-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm subversion-libs-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm subversion-perl-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm subversion-perl-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm subversion-tools-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm subversion-tools-debuginfo-1.10.2-4.module+el8.3.0+9886+ac338b6d.x86_64.rpm utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.x86_64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.3.0+6671+2675c974.x86_64.rpm utf8proc-debugsource-2.1.1-5.module+el8.3.0+6671+2675c974.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-17525 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYCoj+9zjgjWX9erEAQhsPBAAg2tLz55p0n/r4eu1mU5gSZBhqQFDAblz vrh7FpTT+jTYLz4BMJXco9op8Of5x+3QEMkBd+LISx7xUfBJRpEwHvE3e6yNSyGM tUVqp9RT4TjFq+d0TqR5seqAZHdgGfeQaMIsB1sdhPdbVZTolOpkRXRwqXl65sQJ 61w9cTCOuZ+IjDIAKTKA1wuwNQFDaUve0NShrSOFW2Pwq3p4TDmPi0vYjoLLUSlX 1ZKXT60iOw9TwHZln7BqDyH1q+mZ7BJbuPMakZ+477QzYucHMvEYzv6tykL1tB7T ggTGrnXGlyLysrOcTHQVBpzwi7wLJRCw0LTjxEVYxSqOqQhml0PgdIXmkD/gnoVc ab8Qz+chLdI7f7lLdZ5JDOfm+qdSD3ifrEPJCI+ut+F42N0hOsB1qt1p359mbo9r dKnJjfufUuNX/54/uXhDdmsvISdmRETP1g1/PYBk3xMRL/T7p1egx1Z5z5WgnOOM 0ebVMrdoakuGvQV9yFhN41fIrHGiuR1yC8gl+1eSwzKXerjANmn/6DWGyptMQcZy 7/3GEWCQBa/GpDSE00pm2cDXYaAuJFFW3zAXkW+rJ1JQ278nmQ3SD9pxF1zSfDEn dZTYWCiPJ+550SyOAml6xyQBT1xqeRW6jikzmQDChJwQhF3qvrjKluL8eFZefgVR SokSUNqqKqU= =otDI - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: subversion:1.10 security update Advisory ID: RHSA-2021:0508-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0508 Issue date: 2021-02-15 CVE Names: CVE-2020-17525 ===================================================================== 1. Summary: An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix(es): * subversion: Remote unauthenticated denial of service in mod_authz_svn (CVE-2020-17525) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. 5. Bugs fixed (https://bugzilla.redhat.com/): 1922303 - CVE-2020-17525 subversion: Remote unauthenticated denial of service in mod_authz_svn 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.2): Source: libserf-1.3.9-9.module+el8.2.0+9887+08558108.src.rpm subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.src.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.src.rpm aarch64: libserf-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.aarch64.rpm mod_dav_svn-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm mod_dav_svn-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-debugsource-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-devel-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-devel-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-gnome-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-gnome-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-libs-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-libs-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-perl-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-perl-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-tools-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm subversion-tools-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.aarch64.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.aarch64.rpm noarch: subversion-javahl-1.10.2-2.module+el8.2.0+9887+08558108.1.noarch.rpm ppc64le: libserf-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.ppc64le.rpm mod_dav_svn-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm mod_dav_svn-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-debugsource-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-devel-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-devel-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-gnome-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-gnome-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-libs-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-libs-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-perl-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-perl-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-tools-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm subversion-tools-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.ppc64le.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.ppc64le.rpm s390x: libserf-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.s390x.rpm mod_dav_svn-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm mod_dav_svn-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-debugsource-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-devel-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-devel-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-gnome-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-gnome-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-libs-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-libs-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-perl-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-perl-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-tools-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm subversion-tools-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.s390x.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.s390x.rpm x86_64: libserf-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm libserf-debuginfo-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm libserf-debugsource-1.3.9-9.module+el8.2.0+9887+08558108.x86_64.rpm mod_dav_svn-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm mod_dav_svn-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-debugsource-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-devel-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-devel-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-gnome-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-gnome-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-libs-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-libs-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-perl-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-perl-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-tools-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm subversion-tools-debuginfo-1.10.2-2.module+el8.2.0+9887+08558108.1.x86_64.rpm utf8proc-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm utf8proc-debugsource-2.1.1-5.module+el8.2.0+9887+08558108.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-17525 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYColqdzjgjWX9erEAQiiRw//TJPiOaI4zGJNe3l0gcV3wXzszp3xk1zv 0pZ0vIvTSWIFU0i/8w900zow9Uezwu2UDSEaE+DtTovQP0SES/l11nb98WBbJW/w 5UohRmx1dWhnwRlN4kfDF5/KXUCUU6WfNQdsHD6uZm12exHOpID3wW6TiWR63BYE b88oE9rRGPSwnJUx6VK21EeyKz3gP34gQdp8mO/CxbQV0cwAHQvlL7nedc9ALIFt cY8HhkS80ne0IezWSceQoDlu9x+3jfmfPclPRyi/J6zwvNn5HaMGRgGpSoPBY3WZ A6b/WHJzlEHJSlJfavqRvnM4BTkI9V6e7eQaBYVzqCftXunaJoCukdNC26H4VCZx ujFlXdnqzgTPU4sHPnOXZ51IAXxTw6Ax8jkxcyEvtPa8M7/zilyHu+aI/b1s2XMc X7oUpUuis5kGiSyke7L66FpTTqy5EOeVG5D01MYGZMG7BHQTMpfnCeBt5CqfPaDg 9JmTFn58qh71kjD086xB2PcIg6sVrFSQVjlX0W43VefRqEJlPqaEa1DyHToOslW7 1YPtlAwoVBY/7TLXy+ux+QqzEDAPTDCD/9iY5Lvr90OHeeOA9Vpcgo1x1BG3vyAr xWOZczDosZk8hSqr5GNkx3nXRDhWJkxZuoe9uB6K0r6Y8LldhzOj8EgmUzg9odxa OlKnD2X9da0= =K/qI - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYCsRr+NLKJtyKPYoAQjxMQ//YWtI9aXbuqwmHximX/UBx8Dpvkr0WRuD YhT7Mr/ZYOAbryCrTbqnA+pn0Wx2TI6N6VftsQjtHdYuvMRM0nQr0SIVcG3iu6i2 B4I3YP41VD5TGmvEQxSDnRsyvMoIwCYUfg2H7gbC12BU53Evga4H1wNTpf6WbZVn UIfvq8USBTCLCFjdyCtrZNxZmrGF0OC8Gl4V6d1vkPy1oC610aYAD3xkR2gQNVjv GmscrGQmWcGhKYaSzBIp/ANV9/B1yWsbwDtWyHL8Qw9UEjOspnkOx4zrt0+FF+yW ND+IQzmVkdgGH9AAQmCy/JqzepFgzDpTD1/e4Gvx5mC3Lei87hsHlMduw7Gks1DZ 7YHmLPRVvpmA104216OGB5I3Z5E1qQEPjR5eCnOYWxAcSL4yawJ6a0SfAg7k1PPA 9cjLu4+lHzed86+/0Ke/d32yfiBMIW/gYusIgXwduTvQt/5WqPvnCIG50ao1Q0Z7 dbT+gRMXg2lUhf3DP1aoz7W4qi7r9Mt5KDJCXZYl/RLpSQU9+sqKQBmSB6tYijwv 0I8A/XT4lvmES/bxE5xekzvVqB2GisfiyDBrZTD+gtL1UKWjK2nuZtXctXBFwxoj YLkwfGeYfAkC1HZJLOR14tBINFc6NK22en9KEtCX+jPjjicByh20q4MpPzqj3IcH nJjnjmL4yP8= =+cEJ -----END PGP SIGNATURE-----