Bug 17353

Summary: subversion new security issue CVE-2015-5343
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/668331/
Whiteboard: has_procedure advisory mga5-32-ok mga5-64-ok
Source RPM: subversion-1.8.14-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-12-17 17:37:00 CET 
Debian has issued an advisory on December 16:
https://www.debian.org/security/2015/dsa-3424

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated subversion packages fix security vulnerability:

Subversion's httpd servers are vulnerable to a remotely triggerable heap-based
buffer overflow and out-of-bounds read caused by an integer overflow when
parsing skel-encoded request bodies (CVE-2015-5343).

This allows remote attackers with write access to a repository to cause a
denial of service or possibly execute arbitrary code under the context of the
httpd process.  32-bit server versions are vulnerable to both the
denial-of-service attack and possible arbitrary code execution.  64-bit server
versions are only vulnerable to the denial-of-service attack.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5343
http://mail-archives.apache.org/mod_mbox/subversion-dev/201512.mbox/%3CCAP_GPNieJGPDbf=nmbSdf+CTMZ=5pREoqwnDNvO80mfAKNaY7Q@mail.gmail.com%3E
http://svn.apache.org/repos/asf/subversion/tags/1.8.15/CHANGES
http://subversion.apache.org/security/CVE-2015-5343-advisory.txt
https://www.debian.org/security/2015/dsa-3424
========================

Updated packages in core/updates_testing:
========================
subversion-1.8.15-1.mga5
subversion-doc-1.8.15-1.mga5
libsvn0-1.8.15-1.mga5
libsvn-gnome-keyring0-1.8.15-1.mga5
libsvn-kwallet0-1.8.15-1.mga5
subversion-server-1.8.15-1.mga5
subversion-tools-1.8.15-1.mga5
python-svn-1.8.15-1.mga5
ruby-svn-1.8.15-1.mga5
libsvnjavahl1-1.8.15-1.mga5
svn-javahl-1.8.15-1.mga5
perl-SVN-1.8.15-1.mga5
subversion-kwallet-devel-1.8.15-1.mga5
subversion-gnome-keyring-devel-1.8.15-1.mga5
perl-svn-devel-1.8.15-1.mga5
python-svn-devel-1.8.15-1.mga5
ruby-svn-devel-1.8.15-1.mga5
subversion-devel-1.8.15-1.mga5
apache-mod_dav_svn-1.8.15-1.mga5

from subversion-1.8.15-1.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-12-17 17:37:13 CET 
Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=14826#c2

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2015-12-28 16:27:31 CET 
Testing complete mga5. Basic testing.

Validating. Please push to 5 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure => has_procedure advisory mga5-32-ok mga5-64-ok
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2015-12-28 20:24:39 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0490.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED