Synopsis: Moderate: subversion security update Issue Date: 2011-06-08 CVE Numbers: CVE-2011-1752 Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed requests submitted against the URL of a baselined resource. A malicious, remote user could use this flaw to cause the httpd process serving the request to crash. (CVE-2011-1752) All Subversion users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, you must restart the httpd daemon, if you are using mod_dav_svn, for the update to take effect. SL4: i386 mod_dav_svn-1.1.4-4.el4.i386.rpm subversion-1.1.4-4.el4.i386.rpm subversion-debuginfo-1.1.4-4.el4.i386.rpm subversion-devel-1.1.4-4.el4.i386.rpm subversion-perl-1.1.4-4.el4.i386.rpm x86_64 subversion-devel-1.1.4-4.el4.x86_64.rpm subversion-debuginfo-1.1.4-4.el4.x86_64.rpm subversion-1.1.4-4.el4.x86_64.rpm mod_dav_svn-1.1.4-4.el4.x86_64.rpm subversion-perl-1.1.4-4.el4.x86_64.rpm - Scientific Linux Development Team