ALAS-2021-1483


Amazon Linux AMI Security Advisory: ALAS-2021-1483
Advisory Release Date: 2021-02-23 20:18 Pacific
Advisory Updated Date: 2021-02-24 19:44 Pacific
Severity: Important
References: CVE-2020-17525 

Issue Overview:

A null-pointer-dereference flaw was found in mod_authz_svn of subversion. This flaw allows a remote, unauthenticated attacker to cause a denial of service in some server configurations. The highest threat from this vulnerability is to system availability. (CVE-2020-17525)


Affected Packages:

subversion


Issue Correction:
Run yum update subversion to update your system.

New Packages:
i686:
    subversion-ruby-1.9.7-1.61.amzn1.i686
    subversion-libs-1.9.7-1.61.amzn1.i686
    mod24_dav_svn-1.9.7-1.61.amzn1.i686
    subversion-tools-1.9.7-1.61.amzn1.i686
    subversion-1.9.7-1.61.amzn1.i686
    subversion-python27-1.9.7-1.61.amzn1.i686
    subversion-perl-1.9.7-1.61.amzn1.i686
    subversion-python26-1.9.7-1.61.amzn1.i686
    subversion-javahl-1.9.7-1.61.amzn1.i686
    subversion-debuginfo-1.9.7-1.61.amzn1.i686
    subversion-devel-1.9.7-1.61.amzn1.i686

src:
    subversion-1.9.7-1.61.amzn1.src

x86_64:
    subversion-debuginfo-1.9.7-1.61.amzn1.x86_64
    subversion-perl-1.9.7-1.61.amzn1.x86_64
    subversion-python27-1.9.7-1.61.amzn1.x86_64
    subversion-1.9.7-1.61.amzn1.x86_64
    subversion-tools-1.9.7-1.61.amzn1.x86_64
    subversion-ruby-1.9.7-1.61.amzn1.x86_64
    subversion-devel-1.9.7-1.61.amzn1.x86_64
    mod24_dav_svn-1.9.7-1.61.amzn1.x86_64
    subversion-javahl-1.9.7-1.61.amzn1.x86_64
    subversion-python26-1.9.7-1.61.amzn1.x86_64
    subversion-libs-1.9.7-1.61.amzn1.x86_64