
Scientific Linux: SLSA-2015:0165-1 Moderate: Subversion Remote Threat

Moderate: subversion security update
Date: Wed, 11 Feb 2015 14:51:37 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: subversion on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: subversion security update
Advisory ID: SLSA-2015:0165-1
Issue Date: 2015-02-10
CVE Numbers: CVE-2014-3528
 CVE-2014-3580
--

A NULL pointer dereference flaw was found in the way the mod_dav_svn
module handled REPORT requests. A remote, unauthenticated attacker could
use a specially crafted REPORT request to crash mod_dav_svn.
(CVE-2014-3580)

It was discovered that Subversion clients retrieved cached authentication
credentials using the MD5 hash of the server realm string without also
checking the server's URL. A malicious server able to provide a realm that
triggers an MD5 collision could possibly use this flaw to obtain the
credentials for a different realm. (CVE-2014-3528)
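The cache-lookup pattern behind CVE-2014-3528, shown beside a lookup that also compares the stored realm string. This is an added illustration, not Subversion's code and not part of the advisory. The realm strings, the `CredentialCache` class and the one-byte digest truncation (a stand-in that makes a collision trivial to construct) are assumptions.

```python
import hashlib

# Constructed realm strings in the "<server URL> realm name" form; not from the advisory.
TRUSTED_REALM = "<https://svn.example.org:443> Project Repository"
OTHER_PREFIX = "<https://svn.example.net:443> Realm"


def cache_key(realm: str, digest_len: int = 16) -> str:
    """MD5 of the realm string, used as the cache key.

    digest_len < 16 truncates the digest. That is a stand-in used only here so a
    collision can be found instantly; a real collision needs no truncation.
    """
    return hashlib.md5(realm.encode()).digest()[:digest_len].hex()


class CredentialCache:
    def __init__(self, digest_len: int = 16):
        self.digest_len = digest_len
        self.entries = {}

    def store(self, realm, username, password):
        key = cache_key(realm, self.digest_len)
        self.entries[key] = {"realm": realm, "username": username, "password": password}

    def lookup_digest_only(self, realm):
        # Flawed pattern: the digest alone decides which credentials are returned.
        return self.entries.get(cache_key(realm, self.digest_len))

    def lookup_checked(self, realm):
        # Hardened pattern: the stored realm string (server URL included) must match.
        entry = self.entries.get(cache_key(realm, self.digest_len))
        return entry if entry is not None and entry["realm"] == realm else None


def colliding_realm(target: str, digest_len: int) -> str:
    """Return a different realm string with the same (truncated) cache key."""
    want, n = cache_key(target, digest_len), 0
    while cache_key(f"{OTHER_PREFIX} {n}", digest_len) != want:
        n += 1
    return f"{OTHER_PREFIX} {n}"


def demo():
    cache = CredentialCache(digest_len=1)  # 8-bit key: toy stand-in for an MD5 collision
    cache.store(TRUSTED_REALM, "alice", "constructed-password")
    other = colliding_realm(TRUSTED_REALM, 1)
    return other, cache.lookup_digest_only(other), cache.lookup_checked(other)
```

`demo()` returns the colliding realm, the entry the digest-only lookup hands back for it, and the result of the checked lookup, which rejects the request because the stored realm string differs.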

After installing the updated packages, for the update to take effect, you
must restart the httpd daemon, if you are using mod_dav_svn, and the
svnserve daemon, if you are serving Subversion repositories via the svn://
protocol.
--

SL6
 x86_64
 mod_dav_svn-1.6.11-12.el6_6.x86_64.rpm
 subversion-1.6.11-12.el6_6.i686.rpm
 subversion-1.6.11-12.el6_6.x86_64.rpm
 subversion-debuginfo-1.6.11-12.el6_6.i686.rpm
 subversion-debuginfo-1.6.11-12.el6_6.x86_64.rpm
 subversion-devel-1.6.11-12.el6_6.i686.rpm
 subversion-devel-1.6.11-12.el6_6.x86_64.rpm
 subversion-gnome-1.6.11-12.el6_6.i686.rpm
 subversion-gnome-1.6.11-12.el6_6.x86_64.rpm
 subversion-javahl-1.6.11-12.el6_6.i686.rpm
 subversion-javahl-1.6.11-12.el6_6.x86_64.rpm
 subversion-kde-1.6.11-12.el6_6.i686.rpm
 subversion-kde-1.6.11-12.el6_6.x86_64.rpm
 subversion-perl-1.6.11-12.el6_6.i686.rpm
 subversion-perl-1.6.11-12.el6_6.x86_64.rpm
 subversion-ruby-1.6.11-12.el6_6.i686.rpm
 subversion-ruby-1.6.11-12.el6_6.x86_64.rpm
 i386
 mod_dav_svn-1.6.11-12.el6_6.i686.rpm
 subversion-1.6.11-12.el6_6.i686.rpm
 subversion-debuginfo-1.6.11-12.el6_6.i686.rpm
 subversion-devel-1.6.11-12.el6_6.i686.rpm
 subversion-gnome-1.6.11-12.el6_6.i686.rpm
 subversion-javahl-1.6.11-12.el6_6.i686.rpm
 subversion-kde-1.6.11-12.el6_6.i686.rpm
 subversion-perl-1.6.11-12.el6_6.i686.rpm
 subversion-ruby-1.6.11-12.el6_6.i686.rpm
 noarch
 subversion-svn2cl-1.6.11-12.el6_6.noarch.rpm

- Scientific Linux Development Team
