Synopsis: Moderate: subversion security update
Issue date: 2011-02-15
CVE Names: CVE-2010-4539 CVE-2010-4644

A server-side memory leak was found in the Subversion server. If a malicious, remote user performed "svn blame" or "svn log" operations on certain repository files, it could cause the Subversion server to consume a large amount of system memory. (CVE-2010-4644)

A NULL pointer dereference flaw was found in the way the mod_dav_svn module (for use with the Apache HTTP Server) processed certain requests. If a malicious, remote user issued a certain type of request to display a collection of Subversion repositories on a host that has the SVNListParentPath directive enabled, it could cause the httpd process serving the request to crash. Note that SVNListParentPath is not enabled by default. (CVE-2010-4539)

After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.

SL 5.x

SRPMS:
subversion-1.6.11-7.el5_6.1.src.rpm

i386:
subversion-1.6.11-7.el5_6.1.i386.rpm
subversion-devel-1.6.11-7.el5_6.1.i386.rpm
subversion-javahl-1.6.11-7.el5_6.1.i386.rpm
subversion-perl-1.6.11-7.el5_6.1.i386.rpm
subversion-ruby-1.6.11-7.el5_6.1.i386.rpm
mod_dav_svn-1.6.11-7.el5_6.1.i386.rpm

x86_64:
subversion-1.6.11-7.el5_6.1.i386.rpm
subversion-1.6.11-7.el5_6.1.x86_64.rpm
subversion-devel-1.6.11-7.el5_6.1.i386.rpm
subversion-devel-1.6.11-7.el5_6.1.x86_64.rpm
subversion-javahl-1.6.11-7.el5_6.1.x86_64.rpm
subversion-perl-1.6.11-7.el5_6.1.x86_64.rpm
subversion-ruby-1.6.11-7.el5_6.1.x86_64.rpm
mod_dav_svn-1.6.11-7.el5_6.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
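
CVE-2010-4539 is only reachable where SVNListParentPath is enabled, so it helps to know which hosts and locations have it on. The following is an added example, not part of the original advisory: a shell function that reports every active "SVNListParentPath On" in the Apache configuration files passed to it. The sample configuration, its paths and its location names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): report every active
# "SVNListParentPath On" in the Apache config files given as arguments.
# Prints "file:line:location"; exit status 0 if any hit, 1 if none.
find_listparentpath() {
    awk '
        FNR == 1   { loc = "(server scope)" }    # new file: reset context
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            low = tolower(line)                  # directives are case-insensitive
        }
        low ~ /^<location(match)?[ \t]/ {        # remember the enclosing block
            loc = line
            sub(/^<[A-Za-z]+[ \t]+/, "", loc)
            sub(/>[ \t]*$/, "", loc)
            next
        }
        low ~ /^<\/location(match)?>/ { loc = "(server scope)"; next }
        low ~ /^svnlistparentpath[ \t]+"?on"?[ \t]*$/ {
            printf "%s:%d:%s\n", FILENAME, FNR, loc
            found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# Constructed sample configuration (paths and location names are assumptions).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Location /svn>
  DAV svn
  SVNParentPath /var/www/svn
  SVNListParentPath On
</Location>
<Location /private>
  DAV svn
  SVNParentPath /var/www/private
  # SVNListParentPath On
  SVNListParentPath Off
</Location>
EOF
find_listparentpath "$sample" || echo "SVNListParentPath not enabled"
rm -f "$sample"
```

On a real host, pass the function the httpd configuration files that load mod_dav_svn. The check does not follow Include directives, so name each included file explicitly.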