Scientific Linux: 2011-06-08 Moderate Advisory for Subversion HTTP Crash

Date: Wed, 8 Jun 2011 16:12:52 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Moderate: subversion on SL4.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 
MIME-Version: 1.0

Synopsis: Moderate: subversion security update
Issue Date: 2011-06-08
CVE Numbers: CVE-2011-1752

Subversion (SVN) is a concurrent version control system which enables
one or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. The mod_dav_svn module is used with the Apache HTTP Server to
allow access to Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn
module processed requests submitted against the URL of a baselined
resource. A malicious, remote user could use this flaw to cause the
httpd process serving the request to crash. (CVE-2011-1752)

All Subversion users should upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, you must restart the httpd daemon, if you are using
mod_dav_svn, for the update to take effect.

SL4:
 i386
 mod_dav_svn-1.1.4-4.el4.i386.rpm
 subversion-1.1.4-4.el4.i386.rpm
 subversion-debuginfo-1.1.4-4.el4.i386.rpm
 subversion-devel-1.1.4-4.el4.i386.rpm
 subversion-perl-1.1.4-4.el4.i386.rpm
 x86_64
 subversion-devel-1.1.4-4.el4.x86_64.rpm
 subversion-debuginfo-1.1.4-4.el4.x86_64.rpm
 subversion-1.1.4-4.el4.x86_64.rpm
 mod_dav_svn-1.1.4-4.el4.x86_64.rpm
 subversion-perl-1.1.4-4.el4.x86_64.rpm

- Scientific Linux Development Team