ALAS-2019-1317


Amazon Linux AMI Security Advisory: ALAS-2019-1317
Advisory Release Date: 2019-11-07 00:23 Pacific
Severity: Important

Issue Overview:

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.(CVE-2018-11782 )

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.(CVE-2019-0203 )


Affected Packages:

subversion


Issue Correction:
Run yum update subversion to update your system.

New Packages:
i686:
    subversion-devel-1.9.7-1.60.amzn1.i686
    subversion-javahl-1.9.7-1.60.amzn1.i686
    mod24_dav_svn-1.9.7-1.60.amzn1.i686
    subversion-libs-1.9.7-1.60.amzn1.i686
    subversion-python26-1.9.7-1.60.amzn1.i686
    subversion-tools-1.9.7-1.60.amzn1.i686
    subversion-python27-1.9.7-1.60.amzn1.i686
    subversion-1.9.7-1.60.amzn1.i686
    subversion-perl-1.9.7-1.60.amzn1.i686
    subversion-debuginfo-1.9.7-1.60.amzn1.i686
    subversion-ruby-1.9.7-1.60.amzn1.i686

src:
    subversion-1.9.7-1.60.amzn1.src

x86_64:
    mod24_dav_svn-1.9.7-1.60.amzn1.x86_64
    subversion-python27-1.9.7-1.60.amzn1.x86_64
    subversion-tools-1.9.7-1.60.amzn1.x86_64
    subversion-perl-1.9.7-1.60.amzn1.x86_64
    subversion-1.9.7-1.60.amzn1.x86_64
    subversion-ruby-1.9.7-1.60.amzn1.x86_64
    subversion-devel-1.9.7-1.60.amzn1.x86_64
    subversion-debuginfo-1.9.7-1.60.amzn1.x86_64
    subversion-libs-1.9.7-1.60.amzn1.x86_64
    subversion-python26-1.9.7-1.60.amzn1.x86_64
    subversion-javahl-1.9.7-1.60.amzn1.x86_64