Test ID:	1.3.6.1.4.1.25623.1.0.841931
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2316-1)
Summary:	The remote host is missing an update for the 'subversion' package(s) announced via the USN-2316-1 advisory.
Description:	Summary: The remote host is missing an update for the 'subversion' package(s) announced via the USN-2316-1 advisory. Vulnerability Insight: Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-0032) Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3522) Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server. (CVE-2014-3528) Affected Software/OS: 'subversion' package(s) on Ubuntu 12.04, Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0032 BugTraq ID: 65434 http://www.securityfocus.com/bid/65434 https://security.gentoo.org/glsa/201610-05 http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C52D328AB.8090502@reser.org%3E http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C871u0gqb0d.fsf@ntlworld.com%3E http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3CCANvU9scLHr2yOLABW8q6_wNzhEf7pWM=NiavGcobqvUuyhKyAA@mail.gmail.com%3E http://www.osvdb.org/102927 RedHat Security Advisories: RHSA-2014:0255 http://rhn.redhat.com/errata/RHSA-2014-0255.html http://secunia.com/advisories/56822 http://secunia.com/advisories/60722 http://secunia.com/advisories/61321 SuSE Security Announcement: openSUSE-SU-2014:0307 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html SuSE Security Announcement: openSUSE-SU-2014:0334 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-03/msg00011.html http://www.ubuntu.com/usn/USN-2316-1 XForce ISS Database: apache-subversion-cve20140032-dos(90986) https://exchange.xforce.ibmcloud.com/vulnerabilities/90986 Common Vulnerability Exposure (CVE) ID: CVE-2014-3522 http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html BugTraq ID: 69237 http://www.securityfocus.com/bid/69237 http://www.osvdb.org/109996 http://secunia.com/advisories/59432 http://secunia.com/advisories/59584 http://secunia.com/advisories/60100 SuSE Security Announcement: openSUSE-SU-2014:1059 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html XForce ISS Database: apache-subversion-cve20143522-spoofing(95311) https://exchange.xforce.ibmcloud.com/vulnerabilities/95311 XForce ISS Database: apache-subversion-cve20143528-info-disc(95090) https://exchange.xforce.ibmcloud.com/vulnerabilities/95090 Common Vulnerability Exposure (CVE) ID: CVE-2014-3528 BugTraq ID: 68995 http://www.securityfocus.com/bid/68995 RedHat Security Advisories: RHSA-2015:0165 http://rhn.redhat.com/errata/RHSA-2015-0165.html RedHat Security Advisories: RHSA-2015:0166 http://rhn.redhat.com/errata/RHSA-2015-0166.html
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.