vulnerability

Oracle Linux: CVE-2022-24070: ELSA-2022-2234: subversion:1.10 security update (IMPORTANT) (Multiple Advisories)

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
2021-11-04
Added
2022-05-20
Modified
2024-12-06

Description

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.
A use-after-free vulnerability was found in Subversion in the mod_dav_svn Apache HTTP server (HTTPd) module. While looking up path-based authorization (authz) rules, multiple calls to the post_config hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue crashes the single HTTPd worker thread or the entire HTTPd server process, depending on the configuration of the Apache HTTPd server.

Solution(s)

oracle-linux-upgrade-libserforacle-linux-upgrade-mod-dav-svnoracle-linux-upgrade-python3-subversionoracle-linux-upgrade-subversionoracle-linux-upgrade-subversion-develoracle-linux-upgrade-subversion-gnomeoracle-linux-upgrade-subversion-javahloracle-linux-upgrade-subversion-libsoracle-linux-upgrade-subversion-perloracle-linux-upgrade-subversion-toolsoracle-linux-upgrade-utf8proc

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today