SB2019012322 - Input validation error in subversion (Alpine package)

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2018-11803)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing recursive directory listing operations. A remote authenticated attacker can omit the root path, trigger the mod_dav_svn to deference an uninitialized pointer variable and, as a result, crash the HTTPD worker process handling the request.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=815a43cf9c8f71f24f63ffdcc6c77c61ff988f59
• https://git.alpinelinux.org/aports/commit/?id=92bbb9e70c73b190532ce28b44e074f8f0b1745b
• https://git.alpinelinux.org/aports/commit/?id=ca2172ac44a492441b25565d8038cc7ec6c2a601
• https://git.alpinelinux.org/aports/commit/?id=7bb81a1376cc08d7e60a7b33e4d6ac28d0a4df12
• https://git.alpinelinux.org/aports/commit/?id=d1a2d86a899fff4752652cc14f5afd245cc48cb1