[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2118-1] New subversion packages fix authentication bypass



Hi,

> ---------------------------------------------------------------------------
> Debian Security Advisory DSA-2118-1                     security@debian.org
> http://www.debian.org/security/                                  Nico Golde
> October 8th, 2010                        http://www.debian.org/security/faq
> ---------------------------------------------------------------------------
> 
> Package        : subversion
> Vulnerability  : logic flaw
> Problem type   : remote
> Debian-specific: no
> Debian bug     : none
> CVE ID         : CVE-2010-3315
> 

[...]

> 
> As a workaround it is also possible to set SVNPathAuthz to "on" but be
> advised that this can result in a performance decrease for large
> repositories.
> 

Is it still necessary to apply such a workaround, despite this update?

[...]

> 
> We recommend that you upgrade your samba packages.
> 
                                     ^^^^^ - this is always a good idea, yes :-)
                               
[...]

Best,
Michael

Attachment: pgpYoJyv0kUjF.pgp
Description: PGP signature


Reply to: