14 lines
1.6 KiB
JSON
14 lines
1.6 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-1647",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1647",
|
|
"title": "An update for subversion is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
|
|
"severity": "Important",
|
|
"description": "Subversion exists to be universally recognized and adopted as an open-source, centralized version control system characterized by its reliability as a safe haven for valuable data; the simplicity of its model and usage; and its ability to support the needs of a wide variety of users and projects, from individuals to large-scale enterprise operations.\r\n\r\nSecurity Fix(es):\r\n\r\nApache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal copyfrom paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the copyfrom path of the original. This also reveals the fact that the node was copied. Only the copyfrom path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.(CVE-2021-28544)\n\nSubversion s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.(CVE-2022-24070)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2022-24070",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24070",
|
|
"severity": "Moderate"
|
|
}
|
|
]
|
|
} |