ALAS-2014-413


Amazon Linux 1 Security Advisory: ALAS-2014-413
Advisory Release Date: 2014-09-17 21:48 Pacific
Advisory Updated Date: 2014-09-19 12:09 Pacific
Severity: Medium

Issue Overview:

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
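
The class of error described above, as an added example that is not Subversion's or Serf's code: a glob-style matcher that lets "*" span dots, next to a conservative matcher that allows "*" only as the whole left-most label. The advisory does not say how the affected matching was written, so the glob matcher, all function names and the sample names are assumptions made for illustration.

```python
import fnmatch

def glob_match(pattern: str, hostname: str) -> bool:
    """Over-permissive: '*' matches any run of characters, dots included."""
    return fnmatch.fnmatchcase(hostname.lower(), pattern.lower())

def strict_match(pattern: str, hostname: str) -> bool:
    """Conservative rule: '*' must be the whole left-most label and
    stands for exactly one label; at least two labels must follow it."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if "" in p or "" in h:
        return False                      # empty label, malformed name
    if "*" not in pattern:
        return p == h                     # plain name: exact match only
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False                      # partial or non-leftmost wildcard
    if len(p) < 3:
        return False                      # refuse '*' and '*.tld'
    return len(h) == len(p) and h[1:] == p[1:]

def cert_matches(cert_names, hostname, matcher=strict_match):
    """True if any CN/subjectAltName entry matches the requested host."""
    return any(matcher(name, hostname) for name in cert_names)

# Constructed sample data (certificate name, host the client asked for).
SAMPLES = [
    ("*.example.com", "svn.example.com"),
    ("*.example.com", "a.b.example.com"),
    ("*.example.com", "example.com"),
    ("*.com", "example.com"),
    ("*", "svn.example.com"),
    ("s*.example.com", "svn.example.com"),
    ("svn.example.com", "SVN.Example.COM."),
]

def divergences(samples=SAMPLES):
    """Pairs the glob matcher accepts but the strict matcher rejects."""
    return [(n, h) for n, h in samples
            if glob_match(n, h) and not strict_match(n, h)]

if __name__ == "__main__":
    for name, host in SAMPLES:
        print(f"{name:18} {host:18} glob={glob_match(name, host)!s:5} "
              f"strict={strict_match(name, host)}")
```

Rejecting partial-label wildcards such as "s*.example.com" is a deliberately strict policy choice in this example; some validators permit them.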


Affected Packages:

subversion


Issue Correction:
Run yum update subversion to update your system.

New Packages:
i686:
    subversion-tools-1.8.10-1.44.amzn1.i686
    subversion-1.8.10-1.44.amzn1.i686
    subversion-libs-1.8.10-1.44.amzn1.i686
    subversion-ruby-1.8.10-1.44.amzn1.i686
    mod_dav_svn-1.8.10-1.44.amzn1.i686
    subversion-javahl-1.8.10-1.44.amzn1.i686
    subversion-python-1.8.10-1.44.amzn1.i686
    subversion-perl-1.8.10-1.44.amzn1.i686
    subversion-devel-1.8.10-1.44.amzn1.i686
    subversion-debuginfo-1.8.10-1.44.amzn1.i686

src:
    subversion-1.8.10-1.44.amzn1.src

x86_64:
    subversion-javahl-1.8.10-1.44.amzn1.x86_64
    subversion-devel-1.8.10-1.44.amzn1.x86_64
    subversion-libs-1.8.10-1.44.amzn1.x86_64
    subversion-python-1.8.10-1.44.amzn1.x86_64
    subversion-perl-1.8.10-1.44.amzn1.x86_64
    subversion-debuginfo-1.8.10-1.44.amzn1.x86_64
    subversion-ruby-1.8.10-1.44.amzn1.x86_64
    mod_dav_svn-1.8.10-1.44.amzn1.x86_64
    subversion-tools-1.8.10-1.44.amzn1.x86_64
    subversion-1.8.10-1.44.amzn1.x86_64