漏洞类别:Amazon Linux
漏洞等级: 
漏洞信息
Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2015-5343: 1289959: CVE-2015-5343 subversion: (mod_dav_svn) integer overflow when parsing skel-encoded request bodies CVE-2015-3187: It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). 1247252: CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz CVE-2015-3184: 1247249: CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4 It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users.
漏洞危害
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
解决方案
Administrators are advised to apply the appropriate software updates.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论