Amazon Linux 2022 Security Advisory: ALAS-2022-076
Advisory Release Date: 2022-05-18 00:34 Pacific
Advisory Updated Date: 2022-05-19 18:26 Pacific
A use-after-free vulnerability was found in Subversion in the mod_dav_svn Apache HTTP server (HTTPd) module. While looking up path-based authorization (authz) rules, multiple calls to the post_config hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue crashes the single HTTPd worker thread or the entire HTTPd server process, depending on the configuration of the Apache HTTPd server. (CVE-2022-24070)
Affected Packages:
subversion
Issue Correction:
Run dnf update --releasever=2022.0.20220518 subversion to update your system.
aarch64:
subversion-gnome-debuginfo-1.14.2-1.amzn2022.0.1.aarch64
subversion-libs-debuginfo-1.14.2-1.amzn2022.0.1.aarch64
subversion-devel-debuginfo-1.14.2-1.amzn2022.0.1.aarch64
python3-subversion-debuginfo-1.14.2-1.amzn2022.0.1.aarch64
subversion-tools-1.14.2-1.amzn2022.0.1.aarch64
subversion-perl-1.14.2-1.amzn2022.0.1.aarch64
subversion-tools-debuginfo-1.14.2-1.amzn2022.0.1.aarch64
python3-subversion-1.14.2-1.amzn2022.0.1.aarch64
subversion-debuginfo-1.14.2-1.amzn2022.0.1.aarch64
subversion-debugsource-1.14.2-1.amzn2022.0.1.aarch64
mod_dav_svn-debuginfo-1.14.2-1.amzn2022.0.1.aarch64
subversion-ruby-debuginfo-1.14.2-1.amzn2022.0.1.aarch64
subversion-ruby-1.14.2-1.amzn2022.0.1.aarch64
subversion-gnome-1.14.2-1.amzn2022.0.1.aarch64
subversion-devel-1.14.2-1.amzn2022.0.1.aarch64
subversion-perl-debuginfo-1.14.2-1.amzn2022.0.1.aarch64
subversion-libs-1.14.2-1.amzn2022.0.1.aarch64
mod_dav_svn-1.14.2-1.amzn2022.0.1.aarch64
subversion-1.14.2-1.amzn2022.0.1.aarch64
noarch:
subversion-javahl-1.14.2-1.amzn2022.0.1.noarch
src:
subversion-1.14.2-1.amzn2022.0.1.src
x86_64:
python3-subversion-debuginfo-1.14.2-1.amzn2022.0.1.x86_64
subversion-ruby-debuginfo-1.14.2-1.amzn2022.0.1.x86_64
subversion-tools-debuginfo-1.14.2-1.amzn2022.0.1.x86_64
subversion-devel-debuginfo-1.14.2-1.amzn2022.0.1.x86_64
mod_dav_svn-debuginfo-1.14.2-1.amzn2022.0.1.x86_64
subversion-ruby-1.14.2-1.amzn2022.0.1.x86_64
subversion-libs-debuginfo-1.14.2-1.amzn2022.0.1.x86_64
subversion-devel-1.14.2-1.amzn2022.0.1.x86_64
subversion-debugsource-1.14.2-1.amzn2022.0.1.x86_64
subversion-gnome-debuginfo-1.14.2-1.amzn2022.0.1.x86_64
python3-subversion-1.14.2-1.amzn2022.0.1.x86_64
subversion-debuginfo-1.14.2-1.amzn2022.0.1.x86_64
subversion-perl-debuginfo-1.14.2-1.amzn2022.0.1.x86_64
subversion-1.14.2-1.amzn2022.0.1.x86_64
subversion-gnome-1.14.2-1.amzn2022.0.1.x86_64
mod_dav_svn-1.14.2-1.amzn2022.0.1.x86_64
subversion-libs-1.14.2-1.amzn2022.0.1.x86_64
subversion-tools-1.14.2-1.amzn2022.0.1.x86_64
subversion-perl-1.14.2-1.amzn2022.0.1.x86_64