ArchLinux: 201901-17: subversion: denial of service
Summary
A denial-of-service vulnerability has been found in subversion versions prior to 1.11.1. A malicious SVN client can crash a remote server using mod_dav_svn by omitting the root path from a recursive directory listing request, which causes mod_dav_svn to dereference an uninitialized pointer variable and crash the httpd worker process handling the request.
Resolution
Upgrade to 1.11.1-1.
# pacman -Syu "subversion>=1.11.1-1"
The problem has been fixed upstream in version 1.11.1.
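To check whether a host still needs this upgrade, the following added example (not part of the original advisory) compares the installed package version with the fixed one and looks for mod_dav_svn among the modules httpd loads. The function names `ver_lt` and `assess` and the verdict strings are hypothetical; it assumes the Apache binary is `httpd` and that the module appears as `dav_svn_module` in `httpd -M` output.

```shell
#!/bin/sh
# Added example: triage helper for this advisory (not the advisory's own code).
FIXED="1.11.1-1"   # fixed package version stated in the advisory

# ver_lt A B: succeed if version A sorts strictly before version B.
# Uses pacman's vercmp when present; otherwise falls back to GNU sort -V,
# which is an approximation (it does not understand package epochs).
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
    fi
}

# assess VERSION MODULES: print a verdict for a subversion package version
# and the text of an `httpd -M` module listing.
#   patched  - version is at or above the fixed release
#   exposed  - older version and mod_dav_svn is loaded in httpd
#   outdated - older version, mod_dav_svn not loaded (upgrade anyway)
assess() {
    if ! ver_lt "$1" "$FIXED"; then
        echo "patched"
    elif printf '%s\n' "$2" | grep -q 'dav_svn_module'; then
        echo "exposed"
    else
        echo "outdated"
    fi
}

# Live check on this host; skipped on systems without pacman.
if command -v pacman >/dev/null 2>&1; then
    ver=$(pacman -Q subversion 2>/dev/null | awk '{print $2}')
    mods=$(httpd -M 2>/dev/null || true)
    if [ -n "$ver" ]; then
        echo "subversion $ver: $(assess "$ver" "$mods")"
    fi
fi
```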
References
https://subversion.apache.org/security/CVE-2018-11803-advisory.txt
https://security.archlinux.org/CVE-2018-11803
Workaround
None.