Synopsis:    Moderate: subversion security update
Issue Date:  2011-06-08
CVE Numbers: CVE-2011-1752


Subversion (SVN) is a concurrent version control system which enables 
one or more users to collaborate in developing and maintaining a 
hierarchy of files and directories while keeping a history of all 
changes. The mod_dav_svn module is used with the Apache HTTP Server to 
allow access to Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn 
module processed requests submitted against the URL of a baselined 
resource. A malicious, remote user could use this flaw to cause the 
httpd process serving the request to crash. (CVE-2011-1752)

All Subversion users should upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, you must restart the httpd daemon, if you are using
mod_dav_svn, for the update to take effect.

SL4:
   i386
      mod_dav_svn-1.1.4-4.el4.i386.rpm
      subversion-1.1.4-4.el4.i386.rpm
      subversion-debuginfo-1.1.4-4.el4.i386.rpm
      subversion-devel-1.1.4-4.el4.i386.rpm
      subversion-perl-1.1.4-4.el4.i386.rpm
   x86_64
      subversion-devel-1.1.4-4.el4.x86_64.rpm
      subversion-debuginfo-1.1.4-4.el4.x86_64.rpm
      subversion-1.1.4-4.el4.x86_64.rpm
      mod_dav_svn-1.1.4-4.el4.x86_64.rpm
      subversion-perl-1.1.4-4.el4.x86_64.rpm

- Scientific Linux Development Team