Gentoo Security Advisory GLSA 200407-20 (subversion) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200407-20.

Solution

All Subversion users should upgrade to the latest available version: # emerge sync # emerge -pv '>=dev-util/subversion-1.0.6' # emerve '>=dev-util/subversion-1.0.6' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200407-20 http://bugs.gentoo.org/show_bug.cgi?id=57747 http://svn.collab.net/repos/svn/tags/1.0.6/CHANGES

Insight

Users with write access to parts of a Subversion repository may bypass read restrictions in mod_authz_svn and read any part of the repository they wish.

Severity

Classification

CVE CVE-2004-1438

CVSS	Base Score: 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200311-07 (phpSysInfo)
Gentoo Security Advisory GLSA 200501-43 (f2c)
Gentoo Security Advisory GLSA 201006-08 (nano)
Gentoo Security Advisory GLSA 200604-13 (fbida)
Gentoo Security Advisory GLSA 200511-17 (FUSE)

Take action and discover your vulnerabilities