Amazon Linux AMI: Security patch for mod_dav_svn, subversion (ALAS-2016-676) (multiple CVEs)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:L/Au:N/C:P/I:P/A:C) | 2016-01-08 | 2016-03-30 | 2025-02-18 |
Description
Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.
Solution(s)
- amazon-linux-upgrade-mod24_dav_svn
- amazon-linux-upgrade-mod_dav_svn
- amazon-linux-upgrade-mod_dav_svn-debuginfo
- amazon-linux-upgrade-subversion
- amazon-linux-upgrade-subversion-debuginfo
- amazon-linux-upgrade-subversion-devel
- amazon-linux-upgrade-subversion-javahl
- amazon-linux-upgrade-subversion-libs
- amazon-linux-upgrade-subversion-perl
- amazon-linux-upgrade-subversion-python26
- amazon-linux-upgrade-subversion-python27
- amazon-linux-upgrade-subversion-ruby
- amazon-linux-upgrade-subversion-tools
References
- AMAZON-ALAS-2016-676
- APPLE-APPLE-SA-2016-03-21-4
- CVE-2015-3184
- https://attackerkb.com/topics/CVE-2015-3184
- CVE-2015-3187
- https://attackerkb.com/topics/CVE-2015-3187
- CVE-2015-5259
- https://attackerkb.com/topics/CVE-2015-5259
- CVE-2015-5343
- https://attackerkb.com/topics/CVE-2015-5343
- DEBIAN-DSA-3331
- DEBIAN-DSA-3424
- REDHAT-RHSA-2015:1633
