SCIENTIFIC-LINUX-ERRATA Archives

March 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Bonnie King <[log in to unmask]>
Date: Wed, 5 Mar 2014 22:11:43 +0000
Content-Type: text/plain

Synopsis:          Moderate: subversion security update
Advisory ID:       SLSA-2014:0255-1
Issue Date:        2014-03-05
CVE Numbers:       CVE-2013-1968
                   CVE-2013-2112
                   CVE-2014-0032
--

A flaw was found in the way the mod_dav_svn module handled OPTIONS
requests. A remote attacker with read access to an SVN repository served
via HTTP could use this flaw to cause the httpd process that handled such
a request to crash. (CVE-2014-0032)

A flaw was found in the way Subversion handled file names with newline
characters when the FSFS repository format was used. An attacker with
commit access to an SVN repository could corrupt a revision by committing
a specially crafted file. (CVE-2013-1968)

A flaw was found in the way the svnserve tool of Subversion handled remote
client network connections. An attacker with read access to an SVN
repository served via svnserve could use this flaw to cause the svnserve
daemon to exit, leading to a denial of service. (CVE-2013-2112)

After installing the updated packages, for the update to take effect, you
must restart the httpd daemon, if you are using mod_dav_svn, and the
svnserve daemon, if you are serving Subversion repositories via the svn://
protocol.
--

SL5
  x86_64
    mod_dav_svn-1.6.11-12.el5_10.x86_64.rpm
    subversion-1.6.11-12.el5_10.i386.rpm
    subversion-1.6.11-12.el5_10.x86_64.rpm
    subversion-debuginfo-1.6.11-12.el5_10.i386.rpm
    subversion-debuginfo-1.6.11-12.el5_10.x86_64.rpm
    subversion-devel-1.6.11-12.el5_10.i386.rpm
    subversion-devel-1.6.11-12.el5_10.x86_64.rpm
    subversion-javahl-1.6.11-12.el5_10.x86_64.rpm
    subversion-perl-1.6.11-12.el5_10.x86_64.rpm
    subversion-ruby-1.6.11-12.el5_10.x86_64.rpm
  i386
    mod_dav_svn-1.6.11-12.el5_10.i386.rpm
    subversion-1.6.11-12.el5_10.i386.rpm
    subversion-debuginfo-1.6.11-12.el5_10.i386.rpm
    subversion-devel-1.6.11-12.el5_10.i386.rpm
    subversion-javahl-1.6.11-12.el5_10.i386.rpm
    subversion-perl-1.6.11-12.el5_10.i386.rpm
    subversion-ruby-1.6.11-12.el5_10.i386.rpm
SL6
  x86_64
    mod_dav_svn-1.6.11-10.el6_5.x86_64.rpm
    subversion-1.6.11-10.el6_5.i686.rpm
    subversion-1.6.11-10.el6_5.x86_64.rpm
    subversion-debuginfo-1.6.11-10.el6_5.i686.rpm
    subversion-debuginfo-1.6.11-10.el6_5.x86_64.rpm
    subversion-devel-1.6.11-10.el6_5.i686.rpm
    subversion-devel-1.6.11-10.el6_5.x86_64.rpm
    subversion-gnome-1.6.11-10.el6_5.i686.rpm
    subversion-gnome-1.6.11-10.el6_5.x86_64.rpm
    subversion-javahl-1.6.11-10.el6_5.i686.rpm
    subversion-javahl-1.6.11-10.el6_5.x86_64.rpm
    subversion-kde-1.6.11-10.el6_5.i686.rpm
    subversion-kde-1.6.11-10.el6_5.x86_64.rpm
    subversion-perl-1.6.11-10.el6_5.i686.rpm
    subversion-perl-1.6.11-10.el6_5.x86_64.rpm
    subversion-ruby-1.6.11-10.el6_5.i686.rpm
    subversion-ruby-1.6.11-10.el6_5.x86_64.rpm
  i386
    mod_dav_svn-1.6.11-10.el6_5.i686.rpm
    subversion-1.6.11-10.el6_5.i686.rpm
    subversion-debuginfo-1.6.11-10.el6_5.i686.rpm
    subversion-devel-1.6.11-10.el6_5.i686.rpm
    subversion-gnome-1.6.11-10.el6_5.i686.rpm
    subversion-javahl-1.6.11-10.el6_5.i686.rpm
    subversion-kde-1.6.11-10.el6_5.i686.rpm
    subversion-perl-1.6.11-10.el6_5.i686.rpm
    subversion-ruby-1.6.11-10.el6_5.i686.rpm
  noarch
    subversion-svn2cl-1.6.11-10.el6_5.noarch.rpm

- Scientific Linux Development Team
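
The restart step in the advisory above can be verified after patching. This is an added example, not part of the advisory or of Scientific Linux tooling: it flags an httpd or svnserve process that started before the package was last installed. It assumes GNU date, procps pgrep/ps, the stock process names httpd and svnserve, and that httpd loads code from both mod_dav_svn and subversion.

```sh
#!/bin/sh
# Added example: find daemons still running pre-update Subversion code.

# True when a process start time (epoch) predates the package install time (epoch).
is_stale() {
    [ "$1" -lt "$2" ]
}

# Install time, in epoch seconds, of the newest installed build of package $1.
# Prints nothing if the package is not installed.
pkg_install_time() {
    rpm -q --qf '%{INSTALLTIME}\n' "$1" 2>/dev/null |
        grep -E '^[0-9]+$' | sort -n | tail -n 1
}

# Start time of PID $1 in epoch seconds (GNU date parses the ps lstart format).
proc_start_epoch() {
    date -d "$(ps -o lstart= -p "$1")" +%s
}

# $1 = daemon process name, $2 = package whose code the daemon has loaded.
# Returns 1 when the oldest matching process predates the package update.
check_daemon() {
    pid=$(pgrep -o -x "$1") || { echo "$1: not running"; return 0; }
    installed=$(pkg_install_time "$2")
    [ -n "$installed" ] || { echo "$1: package $2 not installed"; return 0; }
    if is_stale "$(proc_start_epoch "$pid")" "$installed"; then
        echo "$1 (pid $pid): started before $2 was updated, restart required"
        return 1
    fi
    echo "$1 (pid $pid): started after $2 was updated"
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
    rc=0
    check_daemon httpd mod_dav_svn || rc=1
    check_daemon httpd subversion || rc=1
    check_daemon svnserve subversion || rc=1
    exit "$rc"
fi
```

Run it with `--check` after installing the update; a non-zero exit status means at least one daemon still needs the restart the advisory calls for. A graceful httpd reload keeps the parent process and its start time, so the check clears only after a full restart.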
