Headline
RHSA-2022:2237: Red Hat Security Advisory: subversion:1.10 security update
An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-24070: subversion: Subversion’s mod_dav_svn is vulnerable to memory corruption
发布:
2022-05-12
已更新:
2022-05-12
RHSA-2022:2237 - Security Advisory
- 概述
- 更新的软件包
概述
Important: subversion:1.10 security update
类型/严重性
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
标题
An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
描述
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
Security Fix(es):
- subversion: Subversion’s mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
解决方案
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
受影响的产品
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.1 x86_64
修复
- BZ - 2074772 - CVE-2022-24070 subversion: Subversion’s mod_dav_svn is vulnerable to memory corruption
参考
- https://access.redhat.com/security/updates/classification/#important
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1
SRPM
libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.src.rpm
SHA-256: fcf8d27994f27d2e266bd90052865b5fada36a6dd5971decea35d3ae5baac4b4
subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.src.rpm
SHA-256: 677ff97069af8fae6dd8aa5f061dcf3d431d5c7995a9ce377c2558acd6b14a2f
utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.src.rpm
SHA-256: 89f552d7180bdd3ab5eebce780951e483514c5e42d333b0e7653ec0d296c98e1
ppc64le
subversion-javahl-1.10.2-3.module+el8.1.0+15169+c14f14c4.noarch.rpm
SHA-256: ca2fe41e91c87a5dbe93b7057846980828ef59ffc514463a7e46b1bbd209e642
libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm
SHA-256: dbc32751da123bb74f8e3e3779e9807d9449aa8186082c358e157a45045360e8
libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm
SHA-256: 94a10caf73fa088b38342bb27bc14b392bb1dfc0d13cead1fdb964d42e35bf4e
libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm
SHA-256: 98da093a8d57dc1c45703fd95450e6f60d5ee17629e43f0a1a7371fe2e75ebd3
mod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: dadc1b1b695362550b1a613107cf49645a13201ca8128f7ede827553e8692ca3
mod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: 872002a20522108d42ace69e31ba241b1c51a8ffda9f1b8f40c94235c7fdd831
subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: e01590c8181b0ac6d25b14b6aba6bab55c1cc5cde4b37e880918933860b1b4ed
subversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: a9586470b7bba0a14052a7ead6112393de3c3a97abc241e13df10802d1155501
subversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: a67499302153ac7d885e99ca6abd25733d76f44f7caf3c6179e6803229b782da
subversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: b1aff0f1ca55664337afb4f491c3016bbe095cffc461ba25802d60796348de3f
subversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: 008ad0bed3058a2a70069d12c3a120e03dbcfd8db548c7a6e6576e692590dc37
subversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: 3affa0cc3c351f521f72cd6ddf41d416ba22ff9132b89d5f733cad3d87c4939e
subversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: ec8aac6c7d6d5acad4a69434a8cba7ce309f49c17a302fe5c55ab6d0bcc19170
subversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: 1160db832d7f21257cccb346d3ddf6679c795f89e7ad83bba0e6fe2844601019
subversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: f6a7be86226b2d95b41a072acbef343db6c454c582c42533b8b84b0c5ab26e1e
subversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: 0b5854ab92318a309ff14e6e65ee9dc81af72ec479cc5f46605447d5e6fb2643
subversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: 2c6987078e48fe6546108a00dd80d90acaaee594c8efd95b409f4cf4ac003cf9
subversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: 1b3060fdef5e195bc0acd641a5097fe30a3469f150cd79c775a1724d99b5cda1
subversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm
SHA-256: fe9744958cee365d32a9d4969d4d056b1e2d89b0a0b8c03f9cb5da34ddf719a2
utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm
SHA-256: 995b4929ab0d5704a52e1de71c67db545d67b7caf0de9c626a90028017d0e9cd
utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm
SHA-256: 5387d0e6ad7b38fb1fb4c432440bac9e50ba8646d379bf07cf9d477f9acb364f
utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm
SHA-256: 63d9bbbbc1a6331515ee23b5f231ad5de5af496736e5996061c57fa0b997a67c
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.1
SRPM
libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.src.rpm
SHA-256: fcf8d27994f27d2e266bd90052865b5fada36a6dd5971decea35d3ae5baac4b4
subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.src.rpm
SHA-256: 677ff97069af8fae6dd8aa5f061dcf3d431d5c7995a9ce377c2558acd6b14a2f
utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.src.rpm
SHA-256: 89f552d7180bdd3ab5eebce780951e483514c5e42d333b0e7653ec0d296c98e1
x86_64
libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm
SHA-256: fab399d60161ca7631858cf4fda6051e2e671766f210d3324a9526372fdd6ea2
libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm
SHA-256: c77caf7c80a69aa19aca79d04ce73efd29efb5851cfebf543618a8f5c4699b7f
libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm
SHA-256: 433415927ffd5e7ceb790a29c81b19c957ea054fffc39ed10b3b5f4d60e40c0b
mod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: dfb032b4e371a2f520f60a824e5dbfc208b0637a5115aeeafd378d2c417a77b9
mod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: 86f50dba9bef475d2018d5596766dffdcd91e57db8dcb150aef900c115c070b4
subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: d73e81556381cd18934d134ba3376630718caf3cb9d30736ed12f5b3b165b639
subversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: 3ef6f2d38f8a10b6804fa7bb3abe1ce3b54ce2c785395eb9fdfd817efa5d04c2
subversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: 7d766e2c7daa7caa2f13746f65795c89f98d40f4f3dfd88610fb4427c4de5f30
subversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: a46ed82a17f1e6b9ab971b7efdf886f4781f387036233d4eda76553b06220457
subversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: 3d66d15220e22792bd7f3d8293b6b2277b444bba0847f7eeaff6e3b685ff3b1e
subversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: 3758fe7e4bf5992dc60e062dc44f74aaee74df869d4ea14020c7dc6cad568565
subversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: 6733d78ca3cc599a4445109aca0a8a0f459bfde6bd30b062b918c8006573f04f
subversion-javahl-1.10.2-3.module+el8.1.0+15169+c14f14c4.noarch.rpm
SHA-256: ca2fe41e91c87a5dbe93b7057846980828ef59ffc514463a7e46b1bbd209e642
subversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: 80a21916d5aec34dc11035d492b681dee11c266e9f23ffb4511102102f8c5502
subversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: fc5614faf660935edd902dc28ee29a1ef0b90268330bb8fdf31ac485052f0369
subversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: faa9524b384067101a4a9142a2c8a0e8658b90dffe60457f966ac18545d25331
subversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: 73440b25b7f89c10e29ec1d496db219a2d1a71e3d319436257c617619e24c4e2
subversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: 15913296bf0a4e678249be536b0673e13a5fcb952c67fbd47d44b5d48e904160
subversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm
SHA-256: 00b0398bf35d69d8c4374048759844a4d06208b0a45e9bc0dbbab63030956dd3
utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm
SHA-256: 554d444fcda6693b0be6b8e45bcf237cd2682dcb71b7c53c6bc24c25b92707be
utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm
SHA-256: 814b5e02f1f0dca3a3bb6c05dbf8c0ba250ddbfdeddf13449846bd37f3225d17
utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm
SHA-256: d136918cec2360d04b09352d1216a8ce59f0663f0b933a34c68c91b9c77e5eda
Red Hat 安全团队联络方式为 [email protected]。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。
Related news
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.
Apple Security Advisory 2022-07-20-2 - macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.
Red Hat Security Advisory 2022-4941-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
An update for the subversion:1.14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24070: subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
Red Hat Security Advisory 2022-4591-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
Ubuntu Security Notice 5450-1 - Evgeny Kotkov discovered that subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. Thomas Weißschuh discovered that subversion servers did not properly handle memory in certain configurations. A remote attacker could potentially use this issue to cause a denial of service or other unspecified impact.
Red Hat Security Advisory 2022-4722-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
An update for the subversion:1.14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24070: subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
An update for subversion is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24070: subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
Red Hat Security Advisory 2022-2236-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24070: subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
Red Hat Security Advisory 2022-2234-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
Red Hat Security Advisory 2022-2237-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24070: subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24070: subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.