LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

August 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA August 2015

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Moderate: subversion on SL6.x i386/x86_64
From:	Pat Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Mon, 17 Aug 2015 16:37:04 +0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (63 lines)

Synopsis:          Moderate: subversion security update
Advisory ID:       SLSA-2015:1633-1
Issue Date:        2015-08-17
CVE Numbers:       CVE-2015-0248
                   CVE-2015-0251
                   CVE-2015-3187
--

An assertion failure flaw was found in the way the SVN server processed
certain requests with dynamically evaluated revision numbers. A remote
attacker could use this flaw to cause the SVN server (both svnserve and
httpd with the mod_dav_svn module) to crash. (CVE-2015-0248)

It was found that the mod_dav_svn module did not properly validate the
svn:author property of certain requests. An attacker able to create new
revisions could use this flaw to spoof the svn:author property.
(CVE-2015-0251)

It was found that when an SVN server (both svnserve and httpd with the
mod_dav_svn module) searched the history of a file or a directory, it
would disclose its location in the repository if that file or directory
was not readable (for example, if it had been moved). (CVE-2015-3187)

After installing the updated packages, for the update to take effect, you
must restart the httpd daemon, if you are using mod_dav_svn, and the
svnserve daemon, if you are serving Subversion repositories via the svn://
protocol.
--

SL6
  x86_64
    mod_dav_svn-1.6.11-15.el6_7.x86_64.rpm
    subversion-1.6.11-15.el6_7.i686.rpm
    subversion-1.6.11-15.el6_7.x86_64.rpm
    subversion-debuginfo-1.6.11-15.el6_7.i686.rpm
    subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm
    subversion-devel-1.6.11-15.el6_7.i686.rpm
    subversion-devel-1.6.11-15.el6_7.x86_64.rpm
    subversion-gnome-1.6.11-15.el6_7.i686.rpm
    subversion-gnome-1.6.11-15.el6_7.x86_64.rpm
    subversion-javahl-1.6.11-15.el6_7.i686.rpm
    subversion-javahl-1.6.11-15.el6_7.x86_64.rpm
    subversion-kde-1.6.11-15.el6_7.i686.rpm
    subversion-kde-1.6.11-15.el6_7.x86_64.rpm
    subversion-perl-1.6.11-15.el6_7.i686.rpm
    subversion-perl-1.6.11-15.el6_7.x86_64.rpm
    subversion-ruby-1.6.11-15.el6_7.i686.rpm
    subversion-ruby-1.6.11-15.el6_7.x86_64.rpm
  i386
    mod_dav_svn-1.6.11-15.el6_7.i686.rpm
    subversion-1.6.11-15.el6_7.i686.rpm
    subversion-debuginfo-1.6.11-15.el6_7.i686.rpm
    subversion-devel-1.6.11-15.el6_7.i686.rpm
    subversion-gnome-1.6.11-15.el6_7.i686.rpm
    subversion-javahl-1.6.11-15.el6_7.i686.rpm
    subversion-kde-1.6.11-15.el6_7.i686.rpm
    subversion-perl-1.6.11-15.el6_7.i686.rpm
    subversion-ruby-1.6.11-15.el6_7.i686.rpm
  noarch
    subversion-svn2cl-1.6.11-15.el6_7.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV