Amazon Linux 1 Security Advisory: ALAS-2014-413
Advisory Release Date: 2014-09-17 21:48 Pacific
Advisory Updated Date: 2014-09-19 12:09 Pacific
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Affected Packages:
subversion
Issue Correction:
Run "yum update subversion" to update your system.
i686:
subversion-tools-1.8.10-1.44.amzn1.i686
subversion-1.8.10-1.44.amzn1.i686
subversion-libs-1.8.10-1.44.amzn1.i686
subversion-ruby-1.8.10-1.44.amzn1.i686
mod_dav_svn-1.8.10-1.44.amzn1.i686
subversion-javahl-1.8.10-1.44.amzn1.i686
subversion-python-1.8.10-1.44.amzn1.i686
subversion-perl-1.8.10-1.44.amzn1.i686
subversion-devel-1.8.10-1.44.amzn1.i686
subversion-debuginfo-1.8.10-1.44.amzn1.i686
src:
subversion-1.8.10-1.44.amzn1.src
x86_64:
subversion-javahl-1.8.10-1.44.amzn1.x86_64
subversion-devel-1.8.10-1.44.amzn1.x86_64
subversion-libs-1.8.10-1.44.amzn1.x86_64
subversion-python-1.8.10-1.44.amzn1.x86_64
subversion-perl-1.8.10-1.44.amzn1.x86_64
subversion-debuginfo-1.8.10-1.44.amzn1.x86_64
subversion-ruby-1.8.10-1.44.amzn1.x86_64
mod_dav_svn-1.8.10-1.44.amzn1.x86_64
subversion-tools-1.8.10-1.44.amzn1.x86_64
subversion-1.8.10-1.44.amzn1.x86_64