[USN-5445-1] Subversion vulnerabilities


========================================================================== Ubuntu Security Notice USN-5445-1 May 26, 2022
subversion vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS – Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in subversion.
Software Description: – subversion: Advanced version control system
Details:
Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11782)
Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-0203)
Thomas Åkesson discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-17525)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: libapache2-mod-svn 1.13.0-3ubuntu0.2 libsvn1 1.13.0-3ubuntu0.2 subversion 1.13.0-3ubuntu0.2
Ubuntu 18.04 LTS: libapache2-mod-svn 1.9.7-4ubuntu1.1 libsvn1 1.9.7-4ubuntu1.1 subversion 1.9.7-4ubuntu1.1
In general, a standard system update will make all the necessary changes.
References: ubuntu.com/security/notices/USN-5445-1 CVE-2018-11782, CVE-2019-0203, CVE-2020-17525
Package Information: launchpad.net/ubuntu/+source/subversion/1.13.0-3ubuntu0.2 launchpad.net/ubuntu/+source/subversion/1.9.7-4ubuntu1.1