CVE-2014-3522

Priority
Medium
Description
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18
and 1.8.x before 1.8.10 does not properly handle wildcards in the Common
Name (CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof servers via a crafted certificate.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream: released (1.7.10,1.8.10)
Ubuntu 10.04 LTS (Lucid Lynx): ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin): released (1.6.17dfsg-3ubuntu3.4)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.8.8-1ubuntu3.1)
Ubuntu 14.10 (Utopic Unicorn): released (1.8.10-1ubuntu1)
Patches:
Upstream: https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1615214 (1.7.x)
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1615215 (1.7.x)
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1615204 (1.8.x)
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1615212 (1.8.x)
More Information


Updated: 2014-08-20 21:14:37 UTC (commit 8395)