Synopsis: Moderate: subversion security and bug fix update
Issue date: 2011-03-08
CVE Names: CVE-2011-0715
A NULL pointer dereference flaw was found in the way the mod_dav_svn
module processed certain requests to lock working copy paths in a
repository. A remote attacker could issue a lock request that could
cause the httpd process serving the request to crash. (CVE-2011-0715)
This update also fixes the following bug:
* A regression was found in the handling of repositories which do not
have a "db/fsfs.conf" file. The "svnadmin hotcopy" command would fail
when trying to produce a copy of such a repository. This command has
been fixed to ignore the absence of the "fsfs.conf" file. The "svnadmin
hotcopy" command will now succeed for this type of repository. (BZ#681522)
After installing the updated packages, you must restart the httpd
daemon, if you are using mod_dav_svn, for the update to take effect.
SL 5.x
SRPMS:
subversion-1.6.11-7.el5_6.3.src.rpm
i386:
mod_dav_svn-1.6.11-7.el5_6.3.i386.rpm
subversion-1.6.11-7.el5_6.3.i386.rpm
subversion-devel-1.6.11-7.el5_6.3.i386.rpm
subversion-javahl-1.6.11-7.el5_6.3.i386.rpm
subversion-perl-1.6.11-7.el5_6.3.i386.rpm
subversion-ruby-1.6.11-7.el5_6.3.i386.rpm
x86_64:
mod_dav_svn-1.6.11-7.el5_6.3.x86_64.rpm
subversion-1.6.11-7.el5_6.3.i386.rpm
subversion-1.6.11-7.el5_6.3.x86_64.rpm
subversion-devel-1.6.11-7.el5_6.3.i386.rpm
subversion-devel-1.6.11-7.el5_6.3.x86_64.rpm
subversion-javahl-1.6.11-7.el5_6.3.x86_64.rpm
subversion-perl-1.6.11-7.el5_6.3.x86_64.rpm
subversion-ruby-1.6.11-7.el5_6.3.x86_64.rpm
-Connie Sieh
-Troy Dawson
|