CVE-2020-17525

Published: 10 February 2021

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
subversion
Launchpad, Ubuntu, Debian
Upstream
Released (1.10.7, 1.14.1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1.14.1-1)
Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Binaries built from this source package are in Universe and so are supported by the community.