Amazon Linux 1 Security Advisory: ALAS-2019-1317
Advisory Release Date: 2019-11-04 18:16 Pacific
Advisory Updated Date: 2019-11-07 00:23 Pacific
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.(CVE-2018-11782)
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.(CVE-2019-0203)
Affected Packages:
subversion
Issue Correction:
Run yum update subversion to update your system.
i686:
subversion-devel-1.9.7-1.60.amzn1.i686
subversion-javahl-1.9.7-1.60.amzn1.i686
mod24_dav_svn-1.9.7-1.60.amzn1.i686
subversion-libs-1.9.7-1.60.amzn1.i686
subversion-python26-1.9.7-1.60.amzn1.i686
subversion-tools-1.9.7-1.60.amzn1.i686
subversion-python27-1.9.7-1.60.amzn1.i686
subversion-1.9.7-1.60.amzn1.i686
subversion-perl-1.9.7-1.60.amzn1.i686
subversion-debuginfo-1.9.7-1.60.amzn1.i686
subversion-ruby-1.9.7-1.60.amzn1.i686
src:
subversion-1.9.7-1.60.amzn1.src
x86_64:
mod24_dav_svn-1.9.7-1.60.amzn1.x86_64
subversion-python27-1.9.7-1.60.amzn1.x86_64
subversion-tools-1.9.7-1.60.amzn1.x86_64
subversion-perl-1.9.7-1.60.amzn1.x86_64
subversion-1.9.7-1.60.amzn1.x86_64
subversion-ruby-1.9.7-1.60.amzn1.x86_64
subversion-devel-1.9.7-1.60.amzn1.x86_64
subversion-debuginfo-1.9.7-1.60.amzn1.x86_64
subversion-libs-1.9.7-1.60.amzn1.x86_64
subversion-python26-1.9.7-1.60.amzn1.x86_64
subversion-javahl-1.9.7-1.60.amzn1.x86_64