Scientific Linux: Moderate Advisory for Subversion Remote Crash

Date: Wed, 9 Mar 2011 14:08:04 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Moderate: subversion on SL6.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Moderate: subversion security update
Issue date:	2011-03-08
CVE Names:	CVE-2011-0715

A NULL pointer dereference flaw was found in the way the mod_dav_svn
module processed certain requests to lock working copy paths in a
repository. A remote attacker could issue a lock request that could
cause the httpd process serving the request to crash. (CVE-2011-0715)

After installing the updated packages, you must restart the httpd
daemon, if you are using mod_dav_svn, for the update to take effect.

SL 6.x

 SRPMS:
subversion-1.6.11-2.el6_0.3.src.rpm
 i386:
mod_dav_svn-1.6.11-2.el6_0.3.i686.rpm
subversion-1.6.11-2.el6_0.3.i686.rpm
subversion-devel-1.6.11-2.el6_0.3.i686.rpm
subversion-gnome-1.6.11-2.el6_0.3.i686.rpm
subversion-javahl-1.6.11-2.el6_0.3.i686.rpm
subversion-kde-1.6.11-2.el6_0.3.i686.rpm
subversion-perl-1.6.11-2.el6_0.3.i686.rpm
subversion-ruby-1.6.11-2.el6_0.3.i686.rpm
subversion-svn2cl-1.6.11-2.el6_0.3.noarch.rpm
 x86_64:
mod_dav_svn-1.6.11-2.el6_0.3.x86_64.rpm
subversion-1.6.11-2.el6_0.3.i686.rpm
subversion-1.6.11-2.el6_0.3.x86_64.rpm
subversion-devel-1.6.11-2.el6_0.3.i686.rpm
subversion-devel-1.6.11-2.el6_0.3.x86_64.rpm
subversion-gnome-1.6.11-2.el6_0.3.i686.rpm
subversion-gnome-1.6.11-2.el6_0.3.x86_64.rpm
subversion-javahl-1.6.11-2.el6_0.3.i686.rpm
subversion-javahl-1.6.11-2.el6_0.3.x86_64.rpm
subversion-kde-1.6.11-2.el6_0.3.i686.rpm
subversion-kde-1.6.11-2.el6_0.3.x86_64.rpm
subversion-perl-1.6.11-2.el6_0.3.i686.rpm
subversion-perl-1.6.11-2.el6_0.3.x86_64.rpm
subversion-ruby-1.6.11-2.el6_0.3.i686.rpm
subversion-ruby-1.6.11-2.el6_0.3.x86_64.rpm
subversion-svn2cl-1.6.11-2.el6_0.3.noarch.rpm

-Connie Sieh
-Troy Dawson