DebianDEBIAN:DLA-1052-1:8FD73[SECURITY] [DLA 1052-1] subversion security update
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.129 Low
EPSS
Percentile
95.5%
Package : subversion
Version : 1.6.17dfsg-4+deb7u12
CVE ID : CVE-2017-9800
It was discovered that there was a arbitrary code execution
vulnerability in the subversion revision control system via
malicious "svn+ssh" URLs in "svn:externals" and
"svn:sync-from-url".
For Debian 7 "Wheezy", this issue has been fixed in subversion
version 1.6.17dfsg-4+deb7u12.
We recommend that you upgrade your subversion packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 8 | amd64 | libsvn-perl | < 1.8.10-6+deb8u5 | libsvn-perl_1.8.10-6+deb8u5_amd64.deb |
| Debian | 8 | ppc64el | libsvn1 | < 1.8.10-6+deb8u5 | libsvn1_1.8.10-6+deb8u5_ppc64el.deb |
| Debian | 9 | armel | libapache2-mod-svn | < 1.9.5-1+deb9u1 | libapache2-mod-svn_1.9.5-1+deb9u1_armel.deb |
| Debian | 8 | all | libapache2-svn | < 1.8.10-6+deb8u5 | libapache2-svn_1.8.10-6+deb8u5_all.deb |
| Debian | 8 | ppc64el | subversion | < 1.8.10-6+deb8u5 | subversion_1.8.10-6+deb8u5_ppc64el.deb |
| Debian | 9 | arm64 | libsvn1-dbgsym | < 1.9.5-1+deb9u1 | libsvn1-dbgsym_1.9.5-1+deb9u1_arm64.deb |
| Debian | 9 | i386 | ruby-svn | < 1.9.5-1+deb9u1 | ruby-svn_1.9.5-1+deb9u1_i386.deb |
| Debian | 8 | kfreebsd-i386 | libsvn1 | < 1.8.10-6+deb8u5 | libsvn1_1.8.10-6+deb8u5_kfreebsd-i386.deb |
| Debian | 9 | armel | ruby-svn | < 1.9.5-1+deb9u1 | ruby-svn_1.9.5-1+deb9u1_armel.deb |
| Debian | 9 | armhf | libsvn1-dbgsym | < 1.9.5-1+deb9u1 | libsvn1-dbgsym_1.9.5-1+deb9u1_armhf.deb |
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.129 Low
EPSS
Percentile
95.5%