Novell Home

CVE-2010-3315

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2010-3315 at MITRE

Description

authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.

NVD CVSS v2 Base Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 649861

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.1
  • subversion-debuginfo >= 1.5.7-0.2.2
  • subversion-debugsource >= 1.5.7-0.2.2
openSUSE 11.1
  • subversion >= 1.5.7-0.2.2
  • subversion-devel >= 1.5.7-0.2.2
  • subversion-perl >= 1.5.7-0.2.2
  • subversion-python >= 1.5.7-0.2.2
  • subversion-server >= 1.5.7-0.2.2
  • subversion-tools >= 1.5.7-0.2.2
openSUSE 11.2
  • libsvn_auth_gnome_keyring-1-0-debuginfo >= 1.6.6-1.3.1
  • libsvn_auth_kwallet-1-0-debuginfo >= 1.6.6-1.3.1
  • subversion-debuginfo >= 1.6.6-1.3.1
  • subversion-debugsource >= 1.6.6-1.3.1
  • subversion-perl-debuginfo >= 1.6.6-1.3.1
  • subversion-python-debuginfo >= 1.6.6-1.3.1
  • subversion-ruby-debuginfo >= 1.6.6-1.3.1
  • subversion-server-debuginfo >= 1.6.6-1.3.1
  • subversion-tools-debuginfo >= 1.6.6-1.3.1
openSUSE 11.2
  • libsvn_auth_gnome_keyring-1-0 >= 1.6.6-1.3.1
  • libsvn_auth_kwallet-1-0 >= 1.6.6-1.3.1
  • subversion >= 1.6.6-1.3.1
  • subversion-devel >= 1.6.6-1.3.1
  • subversion-perl >= 1.6.6-1.3.1
  • subversion-python >= 1.6.6-1.3.1
  • subversion-ruby >= 1.6.6-1.3.1
  • subversion-server >= 1.6.6-1.3.1
  • subversion-tools >= 1.6.6-1.3.1
openSUSE 11.3
  • libsvn_auth_gnome_keyring-1-0-debuginfo >= 1.6.9-4.3.1
  • libsvn_auth_kwallet-1-0-debuginfo >= 1.6.9-4.3.1
  • subversion-debuginfo >= 1.6.9-4.3.1
  • subversion-debugsource >= 1.6.9-4.3.1
  • subversion-perl-debuginfo >= 1.6.9-4.3.1
  • subversion-python-debuginfo >= 1.6.9-4.3.1
  • subversion-ruby-debuginfo >= 1.6.9-4.3.1
  • subversion-server-debuginfo >= 1.6.9-4.3.1
  • subversion-tools-debuginfo >= 1.6.9-4.3.1
openSUSE 11.3
  • libsvn_auth_gnome_keyring-1-0 >= 1.6.9-4.3.1
  • libsvn_auth_kwallet-1-0 >= 1.6.9-4.3.1
  • subversion >= 1.6.9-4.3.1
  • subversion-devel >= 1.6.9-4.3.1
  • subversion-perl >= 1.6.9-4.3.1
  • subversion-python >= 1.6.9-4.3.1
  • subversion-ruby >= 1.6.9-4.3.1
  • subversion-server >= 1.6.9-4.3.1
  • subversion-tools >= 1.6.9-4.3.1
SUSE Linux Enterprise Software Development Kit 11 SP1
  • subversion >= 1.5.7-0.3.1
  • subversion-devel >= 1.5.7-0.3.1
  • subversion-perl >= 1.5.7-0.3.1
  • subversion-python >= 1.5.7-0.3.1
  • subversion-server >= 1.5.7-0.3.1
  • subversion-tools >= 1.5.7-0.3.1
sle11-sp1-sdk.ia64
sle11-sp1-sdk.x86
sle11-sp1-sdk.ppc
sle11-sp1-sdk.x86-64
sle11-sp1-sdk.s390x
SAT Patch Nr: 3425

© 2014 Novell