CVE-2014-3522

Publication date 12 August 2014

Last updated 24 July 2024

Ubuntu priority

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
subversion	14.04 LTS trusty	Fixed 1.8.8-1ubuntu3.1
	12.04 LTS precise	Fixed 1.6.17dfsg-3ubuntu3.4
	10.04 LTS lucid	Ignored

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
subversion	Upstream: https://subversion.apache.org/security/CVE-2014-3522-advisory.txt Upstream: http://svn.apache.org/viewvc?view=revision&revision=1615214 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1615215 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1615204 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1615212

References

Related Ubuntu Security Notices (USN)

USN-2316-1
Subversion vulnerabilities
14 August 2014

CVE-2014-3522

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references