Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Scientific Linux: SLSA-2014:0255-1 Moderate Subversion Security Fix

Scientific Large Esm H446
Moderate: subversion security update
Date: Wed, 5 Mar 2014 22:11:43 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Bonnie King 
Subject: Security ERRATA Moderate: subversion on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: subversion security update
Advisory ID: SLSA-2014:0255-1
Issue Date: 2014-03-05
CVE Numbers: CVE-2013-1968
 CVE-2013-2112
 CVE-2014-0032
--

A flaw was found in the way the mod_dav_svn module handled OPTIONS
requests. A remote attacker with read access to an SVN repository served
via HTTP could use this flaw to cause the httpd process that handled such
a request to crash. (CVE-2014-0032)

A flaw was found in the way Subversion handled file names with newline
characters when the FSFS repository format was used. An attacker with
commit access to an SVN repository could corrupt a revision by committing
a specially crafted file. (CVE-2013-1968)

A flaw was found in the way the svnserve tool of Subversion handled remote
client network connections. An attacker with read access to an SVN
repository served via svnserve could use this flaw to cause the svnserve
daemon to exit, leading to a denial of service. (CVE-2013-2112)

After installing the updated packages, for the update to take effect, you
must restart the httpd daemon, if you are using mod_dav_svn, and the
svnserve daemon, if you are serving Subversion repositories via the svn://
protocol.
--

SL5
 x86_64
 mod_dav_svn-1.6.11-12.el5_10.x86_64.rpm
 subversion-1.6.11-12.el5_10.i386.rpm
 subversion-1.6.11-12.el5_10.x86_64.rpm
 subversion-debuginfo-1.6.11-12.el5_10.i386.rpm
 subversion-debuginfo-1.6.11-12.el5_10.x86_64.rpm
 subversion-devel-1.6.11-12.el5_10.i386.rpm
 subversion-devel-1.6.11-12.el5_10.x86_64.rpm
 subversion-javahl-1.6.11-12.el5_10.x86_64.rpm
 subversion-perl-1.6.11-12.el5_10.x86_64.rpm
 subversion-ruby-1.6.11-12.el5_10.x86_64.rpm
 i386
 mod_dav_svn-1.6.11-12.el5_10.i386.rpm
 subversion-1.6.11-12.el5_10.i386.rpm
 subversion-debuginfo-1.6.11-12.el5_10.i386.rpm
 subversion-devel-1.6.11-12.el5_10.i386.rpm
 subversion-javahl-1.6.11-12.el5_10.i386.rpm
 subversion-perl-1.6.11-12.el5_10.i386.rpm
 subversion-ruby-1.6.11-12.el5_10.i386.rpm
SL6
 x86_64
 mod_dav_svn-1.6.11-10.el6_5.x86_64.rpm
 subversion-1.6.11-10.el6_5.i686.rpm
 subversion-1.6.11-10.el6_5.x86_64.rpm
 subversion-debuginfo-1.6.11-10.el6_5.i686.rpm
 subversion-debuginfo-1.6.11-10.el6_5.x86_64.rpm
 subversion-devel-1.6.11-10.el6_5.i686.rpm
 subversion-devel-1.6.11-10.el6_5.x86_64.rpm
 subversion-gnome-1.6.11-10.el6_5.i686.rpm
 subversion-gnome-1.6.11-10.el6_5.x86_64.rpm
 subversion-javahl-1.6.11-10.el6_5.i686.rpm
 subversion-javahl-1.6.11-10.el6_5.x86_64.rpm
 subversion-kde-1.6.11-10.el6_5.i686.rpm
 subversion-kde-1.6.11-10.el6_5.x86_64.rpm
 subversion-perl-1.6.11-10.el6_5.i686.rpm
 subversion-perl-1.6.11-10.el6_5.x86_64.rpm
 subversion-ruby-1.6.11-10.el6_5.i686.rpm
 subversion-ruby-1.6.11-10.el6_5.x86_64.rpm
 i386
 mod_dav_svn-1.6.11-10.el6_5.i686.rpm
 subversion-1.6.11-10.el6_5.i686.rpm
 subversion-debuginfo-1.6.11-10.el6_5.i686.rpm
 subversion-devel-1.6.11-10.el6_5.i686.rpm
 subversion-gnome-1.6.11-10.el6_5.i686.rpm
 subversion-javahl-1.6.11-10.el6_5.i686.rpm
 subversion-kde-1.6.11-10.el6_5.i686.rpm
 subversion-perl-1.6.11-10.el6_5.i686.rpm
 subversion-ruby-1.6.11-10.el6_5.i686.rpm
 noarch
 subversion-svn2cl-1.6.11-10.el6_5.noarch.rpm

- Scientific Linux Development Team