CVE-2017-9800

Priority
Medium
Description
A maliciously constructed svn+ssh:// URL would cause Subversion clients
before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to
run an arbitrary shell command. Such a URL could be generated by a
malicious server, by a malicious user committing to an honest server (to
attack another user of that server's repositories), or by a proxy server.
The vulnerability affects all clients, including those that use file://,
http://, and plain (untunneled) svn://.
Ubuntu-Description
Joern Schneeweisz discovered that Subversion did not properly handle
host names in 'svn+ssh://' URLs. A remote attacker could use this
to construct a Subversion repository that, when accessed, could run
arbitrary code with the privileges of the user.
References
Assigned-to
sbeattie
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected (1.9.5-1ubuntu3)
Ubuntu 12.04 ESM (Precise Pangolin):released (1.6.17dfsg-3ubuntu3.7)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.8.8-1ubuntu3.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.9.3-2ubuntu1.1)
Ubuntu 17.04 (Zesty Zapus):released (1.9.5-1ubuntu1.1)
More Information

Updated: 2017-10-24 18:14:16 UTC (commit 13579)