ASA-202105-16: websvn: arbitrary command execution

Arch Linux 804 Published by

A websvn security update has been released for Arch Linux.



ASA-202105-16: websvn: arbitrary command execution


Arch Linux Security Advisory ASA-202105-16
=========================================
Severity: High
Date : 2021-05-25
CVE-ID : CVE-2021-32305
Package : websvn
Type : arbitrary command execution
Remote : Yes
Link :   https://security.archlinux.org/AVG-1969

Summary
======
The package websvn before version 2.6.1-1 is vulnerable to arbitrary
command execution.

Resolution
=========
Upgrade to 2.6.1-1.

# pacman -Syu "websvn>=2.6.1-1"

The problem has been fixed upstream in version 2.6.1.

Workaround
=========
None.

Description
==========
WebSVN before 2.6.1 allows remote attackers to execute arbitrary
commands via shell metacharacters in the search parameter.

Impact
=====
A remote attacker can execute arbitrary shell commands on the server
using a crafted search query.

References
=========
  https://github.com/websvnphp/websvn/pull/142
  https://github.com/websvnphp/websvn/commit/88fce56b7b9dbfc0fe2629217c3bff2c2e751920
  https://security.archlinux.org/CVE-2021-32305



GLSA 202105-32 : PostgreSQL: Multiple vulnerabilities

Curl (SSA:2021-146-01)

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...