Apache Subversion integer overflow vulnerability in CVE-2015-5343)

Apache Subversion integer overflow vulnerability in CVE-2015-5343)
Apache Subversion integer overflow vulnerability in CVE-2015-5343)

Release date:
Updated on:

Affected Systems:

Apache Group Subversion 1.9.x < 1.9.3
Apache Group Subversion 1.8.x < 1.8.15
Apache Group Subversion 1.7.x

Description:

CVE (CAN) ID: CVE-2015-5343

Subversion is an open-source multi-user version control system that supports non-ASCII text and binary data.

Subversion 1.7.x, 1.8.x <1.8.15, 1.9.x <1.9.3, mod_dav_svn/util. c has the integer overflow vulnerability. The skel-encoded Request body triggers out-of-bounds read and heap buffer overflow. remote users can cause denial of service and arbitrary code execution.

<* Source: Ivan Zhakov
*>

Suggestion:

Vendor patch:

Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://subversion.apache.org/security/CVE-2015-5343-advisory.txt

Subversion configuration instances in Linux

CentOS 6.2 SVN setup (YUM installation)

Build an SVN server using Apache + SVN

Set up and use the SVN server in Windows + reset the password on the client

Install SVN in Ubuntu Server 12.04 and migrate Virtual SVN data

Build svn service and migration method on Ubuntu Server

Build SVN server with online storage

Subversion (SVN) Details: click here
Subversion (SVN): click here

This article permanently updates the link address: