Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn
module of subversion, a version control system, is not properly enforcing
access rules which are scope-limited to named repositories. If the
SVNPathAuthz option is set to "short_circuit", this may enable an
unprivileged attacker to bypass intended access restrictions and disclose
or modify repository content.
As a workaround it is also possible to set SVNPathAuthz to "on" but be
advised that this can result in a performance decrease for large
repositories.
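
One way to find configurations that use the affected setting, as an added example that is not part of the original advisory: the script scans Apache configuration text for active "SVNPathAuthz short_circuit" directives and reports the enclosing section. The sample configuration, its paths and the function name find_short_circuit are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
<Location /svn/public>
    DAV svn
    SVNPath /srv/svn/public
    AuthzSVNAccessFile /etc/apache2/svn-authz
    SVNPathAuthz short_circuit
</Location>
# SVNPathAuthz short_circuit   (commented out, must be ignored)
<Location /svn/internal>
    DAV svn
    SVNParentPath /srv/svn/internal
    AuthzSVNAccessFile /etc/apache2/svn-authz
    svnpathauthz On
</Location>
"""

SECTIONS = r"(LocationMatch|Location|DirectoryMatch|Directory|VirtualHost)"
OPEN = re.compile(r"<\s*" + SECTIONS + r"\b\s*([^>]*)>", re.I)
CLOSE = re.compile(r"</\s*" + SECTIONS + r"\s*>", re.I)
DIRECTIVE = re.compile(r"SVNPathAuthz\s+(\S+)", re.I)  # names are case-insensitive


def find_short_circuit(conf_text):
    """Return [(line_no, enclosing_section)] for every active
    'SVNPathAuthz short_circuit' directive in conf_text."""
    findings = []
    stack = []  # enclosing container sections, innermost last
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # httpd comments occupy a whole line
        if CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        opened = OPEN.match(line)
        if opened:
            stack.append(f"{opened.group(1)} {opened.group(2).strip()}")
            continue
        found = DIRECTIVE.match(line)
        if found and found.group(1).strip('"').lower() == "short_circuit":
            findings.append((line_no, stack[-1] if stack else "<server config>"))
    return findings


if __name__ == "__main__":
    for line_no, section in find_short_circuit(SAMPLE_CONF):
        print(f"line {line_no}: SVNPathAuthz short_circuit in [{section}]")
```

Each reported section is a candidate for the "on" workaround until the fixed package is installed.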
For the stable distribution (lenny), this problem has been fixed in
version 1.5.1dfsg1-5.
For the testing distribution (squeeze), this problem has been fixed in
version 1.6.12dfsg-2.
For the unstable distribution (sid), this problem has been fixed in
version 1.6.12dfsg-2.
We recommend that you upgrade your samba packages.
Upgrade instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you ar...