Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

openSUSE 11.3: 2011:0693-1 Important: Subversion Memory Leak and Crash

opensuse
Calendar Grey June 24, 2011
Dist Opensuse Esm H88
openSUSE Security Update: subversion security udpate _______________________________________________
An update that fixes four vulnerabilities is now available

Description

- CVE-2011-1752: The mod_dav_svn Apache HTTPD server

module can be crashed though when asked to deliver

baselined WebDAV resources.

- CVE-2011-1783: The mod_dav_svn Apache HTTPD server module

can trigger a loop which consumes all available memory on

the system.

- CVE-2011-1921: The mod_dav_svn Apache HTTPD server module

may leak to remote users the file contents of files

configured to be unreadable by those users.

- CVE-2011-0715: Remote attackers could crash an svn server

by causing a NULL deref

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 11.3:

zypper in -t patch libsvn_auth_gnome_keyring-1-0-4689

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 11.3 (i586 x86_64):

libsvn_auth_gnome_keyring-1-0-1.6.9-4.7.1

libsvn_auth_kwallet-1-0-1.6.9-4.7.1

subversion-1.6.9-4.7.1

subversion-devel-1.6.9-4.7.1

subversion-perl-1.6.9-4.7.1

subversion-python-1.6.9-4.7.1

subversion-ruby-1.6.9-4.7.1

subversion-server-1.6.9-4.7.1

subversion-tools-1.6.9-4.7.1

References

https://www.suse.com/security/cve/CVE-2011-0715.html

https://www.suse.com/security/cve/CVE-2011-1752.html

https://www.suse.com/security/cve/CVE-2011-1783.html

https://www.suse.com/security/cve/CVE-2011-1921.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2011:0693-1
Rating: important
Affected Products: openSUSE 11.3 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.