Synopsis:	Moderate: subversion security update
Issue date:	2011-02-15
CVE Names:	CVE-2010-4539 CVE-2010-4644

A server-side memory leak was found in the Subversion server. If a
malicious, remote user performed "svn blame" or "svn log" operations on
certain repository files, it could cause the Subversion server to 
consume a large amount of system memory. (CVE-2010-4644)

A NULL pointer dereference flaw was found in the way the mod_dav_svn 
module (for use with the Apache HTTP Server) processed certain requests. 
If a malicious, remote user issued a certain type of request to display 
a collection of Subversion repositories on a host that has the 
SVNListParentPath directive enabled, it could cause the httpd process 
serving the request to crash. Note that SVNListParentPath is not enabled 
by default. (CVE-2010-4539)

After installing the updated packages, the Subversion server must be 
restarted for the update to take effect: restart httpd if you are using 
mod_dav_svn, or restart svnserve if it is used.

SL 5.x

     SRPMS:
subversion-1.6.11-7.el5_6.1.src.rpm
     i386:
subversion-1.6.11-7.el5_6.1.i386.rpm
subversion-devel-1.6.11-7.el5_6.1.i386.rpm
subversion-javahl-1.6.11-7.el5_6.1.i386.rpm
subversion-perl-1.6.11-7.el5_6.1.i386.rpm
subversion-ruby-1.6.11-7.el5_6.1.i386.rpm
mod_dav_svn-1.6.11-7.el5_6.1.i386.rpm
     x86_64:
subversion-1.6.11-7.el5_6.1.i386.rpm
subversion-1.6.11-7.el5_6.1.x86_64.rpm
subversion-devel-1.6.11-7.el5_6.1.i386.rpm
subversion-devel-1.6.11-7.el5_6.1.x86_64.rpm
subversion-javahl-1.6.11-7.el5_6.1.x86_64.rpm
subversion-perl-1.6.11-7.el5_6.1.x86_64.rpm
subversion-ruby-1.6.11-7.el5_6.1.x86_64.rpm
mod_dav_svn-1.6.11-7.el5_6.1.x86_64.rpm

-Connie Sieh
-Troy Dawson