Synopsis: Moderate: subversion security update Advisory ID: SLSA-2014:0255-1 Issue Date: 2014-03-05 CVE Numbers: CVE-2013-1968 CVE-2013-2112 CVE-2014-0032 -- A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. (CVE-2014-0032) A flaw was found in the way Subversion handled file names with newline characters when the FSFS repository format was used. An attacker with commit access to an SVN repository could corrupt a revision by committing a specially crafted file. (CVE-2013-1968) A flaw was found in the way the svnserve tool of Subversion handled remote client network connections. An attacker with read access to an SVN repository served via svnserve could use this flaw to cause the svnserve daemon to exit, leading to a denial of service. (CVE-2013-2112) After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. -- SL5 x86_64 mod_dav_svn-1.6.11-12.el5_10.x86_64.rpm subversion-1.6.11-12.el5_10.i386.rpm subversion-1.6.11-12.el5_10.x86_64.rpm subversion-debuginfo-1.6.11-12.el5_10.i386.rpm subversion-debuginfo-1.6.11-12.el5_10.x86_64.rpm subversion-devel-1.6.11-12.el5_10.i386.rpm subversion-devel-1.6.11-12.el5_10.x86_64.rpm subversion-javahl-1.6.11-12.el5_10.x86_64.rpm subversion-perl-1.6.11-12.el5_10.x86_64.rpm subversion-ruby-1.6.11-12.el5_10.x86_64.rpm i386 mod_dav_svn-1.6.11-12.el5_10.i386.rpm subversion-1.6.11-12.el5_10.i386.rpm subversion-debuginfo-1.6.11-12.el5_10.i386.rpm subversion-devel-1.6.11-12.el5_10.i386.rpm subversion-javahl-1.6.11-12.el5_10.i386.rpm subversion-perl-1.6.11-12.el5_10.i386.rpm subversion-ruby-1.6.11-12.el5_10.i386.rpm SL6 x86_64 mod_dav_svn-1.6.11-10.el6_5.x86_64.rpm subversion-1.6.11-10.el6_5.i686.rpm subversion-1.6.11-10.el6_5.x86_64.rpm subversion-debuginfo-1.6.11-10.el6_5.i686.rpm subversion-debuginfo-1.6.11-10.el6_5.x86_64.rpm subversion-devel-1.6.11-10.el6_5.i686.rpm subversion-devel-1.6.11-10.el6_5.x86_64.rpm subversion-gnome-1.6.11-10.el6_5.i686.rpm subversion-gnome-1.6.11-10.el6_5.x86_64.rpm subversion-javahl-1.6.11-10.el6_5.i686.rpm subversion-javahl-1.6.11-10.el6_5.x86_64.rpm subversion-kde-1.6.11-10.el6_5.i686.rpm subversion-kde-1.6.11-10.el6_5.x86_64.rpm subversion-perl-1.6.11-10.el6_5.i686.rpm subversion-perl-1.6.11-10.el6_5.x86_64.rpm subversion-ruby-1.6.11-10.el6_5.i686.rpm subversion-ruby-1.6.11-10.el6_5.x86_64.rpm i386 mod_dav_svn-1.6.11-10.el6_5.i686.rpm subversion-1.6.11-10.el6_5.i686.rpm subversion-debuginfo-1.6.11-10.el6_5.i686.rpm subversion-devel-1.6.11-10.el6_5.i686.rpm subversion-gnome-1.6.11-10.el6_5.i686.rpm subversion-javahl-1.6.11-10.el6_5.i686.rpm subversion-kde-1.6.11-10.el6_5.i686.rpm subversion-perl-1.6.11-10.el6_5.i686.rpm subversion-ruby-1.6.11-10.el6_5.i686.rpm noarch subversion-svn2cl-1.6.11-10.el6_5.noarch.rpm - Scientific Linux Development Team