SCIENTIFIC-LINUX-ERRATA Archives

February 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: subversion on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Wed, 11 Feb 2015 14:51:37 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (58 lines) 
Synopsis:          Moderate: subversion security update
Advisory ID:       SLSA-2015:0165-1
Issue Date:        2015-02-10
CVE Numbers:       CVE-2014-3528
                   CVE-2014-3580
--

A NULL pointer dereference flaw was found in the way the mod_dav_svn
module handled REPORT requests. A remote, unauthenticated attacker could
use a specially crafted REPORT request to crash mod_dav_svn.
(CVE-2014-3580)

It was discovered that Subversion clients retrieved cached authentication
credentials using the MD5 hash of the server realm string without also
checking the server's URL. A malicious server able to provide a realm that
triggers an MD5 collision could possibly use this flaw to obtain the
credentials for a different realm. (CVE-2014-3528)

After installing the updated packages, for the update to take effect, you
must restart the httpd daemon, if you are using mod_dav_svn, and the
svnserve daemon, if you are serving Subversion repositories via the svn://
protocol.
--

SL6
  x86_64
    mod_dav_svn-1.6.11-12.el6_6.x86_64.rpm
    subversion-1.6.11-12.el6_6.i686.rpm
    subversion-1.6.11-12.el6_6.x86_64.rpm
    subversion-debuginfo-1.6.11-12.el6_6.i686.rpm
    subversion-debuginfo-1.6.11-12.el6_6.x86_64.rpm
    subversion-devel-1.6.11-12.el6_6.i686.rpm
    subversion-devel-1.6.11-12.el6_6.x86_64.rpm
    subversion-gnome-1.6.11-12.el6_6.i686.rpm
    subversion-gnome-1.6.11-12.el6_6.x86_64.rpm
    subversion-javahl-1.6.11-12.el6_6.i686.rpm
    subversion-javahl-1.6.11-12.el6_6.x86_64.rpm
    subversion-kde-1.6.11-12.el6_6.i686.rpm
    subversion-kde-1.6.11-12.el6_6.x86_64.rpm
    subversion-perl-1.6.11-12.el6_6.i686.rpm
    subversion-perl-1.6.11-12.el6_6.x86_64.rpm
    subversion-ruby-1.6.11-12.el6_6.i686.rpm
    subversion-ruby-1.6.11-12.el6_6.x86_64.rpm
  i386
    mod_dav_svn-1.6.11-12.el6_6.i686.rpm
    subversion-1.6.11-12.el6_6.i686.rpm
    subversion-debuginfo-1.6.11-12.el6_6.i686.rpm
    subversion-devel-1.6.11-12.el6_6.i686.rpm
    subversion-gnome-1.6.11-12.el6_6.i686.rpm
    subversion-javahl-1.6.11-12.el6_6.i686.rpm
    subversion-kde-1.6.11-12.el6_6.i686.rpm
    subversion-perl-1.6.11-12.el6_6.i686.rpm
    subversion-ruby-1.6.11-12.el6_6.i686.rpm
  noarch
    subversion-svn2cl-1.6.11-12.el6_6.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2