SUSE-SU-2022:1483-1
- Source
- https://www.suse.com/support/update/announcement/2022/suse-su-20221483-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:1483-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:1483-1
- Related
- Published
- 2022-05-02T14:45:26Z
- Modified
- 2022-05-02T14:45:26Z
- Summary
- Security update for subversion
- Details
-
This update for subversion fixes the following issues:
- CVE-2022-24070: Fixed a memory corruption issue in moddavsvn as used by Apache HTTP server. This could be exploited by a remote attacker to cause a denial of service (bsc#1197940).
- CVE-2021-28544: Fixed an information leak issue where Subversion servers may reveal the original path of files protected by path-based authorization (bsc#1197939).
The following non-security bugs were fixed:
- Skip failing test on s390[x] (bsc#1198503).
- References
Affected packages
SUSE:Linux Enterprise Software Development Kit 12 SP5 / subversion
Package
- Name
- subversion
- Purl
- pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.6-3.6.1
Ecosystem specific
{
"binaries": [
{
"subversion-devel": "1.10.6-3.6.1",
"subversion-tools": "1.10.6-3.6.1",
"subversion": "1.10.6-3.6.1",
"libsvn_auth_gnome_keyring-1-0": "1.10.6-3.6.1",
"subversion-bash-completion": "1.10.6-3.6.1",
"subversion-server": "1.10.6-3.6.1",
"subversion-python": "1.10.6-3.6.1",
"subversion-perl": "1.10.6-3.6.1"
}
]
}