Date:         Wed, 11 Feb 2015 17:05:58 +0000
Reply-To:     scientific-linux-users@listserv.fnal.gov
Sender:       Security Errata for Scientific Linux
From:         Pat Riehecky
Subject:      Security ERRATA Moderate: subversion on SL7.x x86_64
MIME-Version: 1.0

Synopsis:          Moderate: subversion security update
Advisory ID:       SLSA-2015:0166-1
Issue Date:        2015-02-10
CVE Numbers:       CVE-2014-3528
                   CVE-2014-3580
                   CVE-2014-8108
--

A NULL pointer dereference flaw was found in the way the mod_dav_svn
module handled REPORT requests. A remote, unauthenticated attacker could
use a specially crafted REPORT request to crash mod_dav_svn.
(CVE-2014-3580)

A NULL pointer dereference flaw was found in the way the mod_dav_svn
module handled certain requests for URIs that trigger a lookup of a
virtual transaction name. A remote, unauthenticated attacker could send a
request for a virtual transaction name that does not exist, causing
mod_dav_svn to crash. (CVE-2014-8108)

It was discovered that Subversion clients looked up cached authentication
credentials using only the MD5 hash of the server-supplied realm string,
without also checking the server's URL. A malicious server able to present a
realm string that triggers an MD5 collision with a cached one could use this
flaw to obtain the credentials the client had saved for a different realm.
(CVE-2014-3528)
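
The credential-cache lookup described above, as an added example that is not part of this advisory or of Subversion's own code: it reproduces the client's on-disk layout (one file per realm under svn.simple/, named by the MD5 hex digest of the realm string and written in Subversion's "K n / V n / END" hash-file format with an svn:realmstring field) and compares the pre-fix lookup, which trusts the file name alone, against a lookup that also requires the stored realm string to equal the one the server presented. The realm strings, credentials and the colliding_key function are constructed; colliding_key hashes only the part after the URL so that two different realms share one cache file, which stands in for the MD5 collision the attack needs and which cannot be produced inline.

```python
import hashlib
import os
import tempfile

# Constructed sample realms. A Subversion realm string is the server URL in
# angle brackets followed by the realm name the server sent in its challenge.
LEGIT_REALM = "<https://svn.corp.example:443> Corporate Repo"
EVIL_REALM = "<https://evil.example:443> Corporate Repo"


def svn_md5_key(realm):
    """Cache file name as the real client derives it: MD5 hex of the realm string."""
    return hashlib.md5(realm.encode("utf-8")).hexdigest()


def colliding_key(realm):
    """Constructed stand-in for an MD5 collision (assumption, not real behaviour):
    only the text after the URL is hashed, so LEGIT_REALM and EVIL_REALM map to
    the same file name, which is the precondition CVE-2014-3528 requires."""
    name_only = realm.split("> ", 1)[-1]
    return hashlib.md5(name_only.encode("utf-8")).hexdigest()


def dump_hash_file(fields):
    """Serialize a dict in Subversion's hash-file format (K len / key / V len / value / END)."""
    out = []
    for key, value in sorted(fields.items()):
        kb, vb = key.encode("utf-8"), value.encode("utf-8")
        out.append(b"K %d\n%s\nV %d\n%s\n" % (len(kb), kb, len(vb), vb))
    out.append(b"END\n")
    return b"".join(out)


def parse_hash_file(data):
    """Parse the K/V/END format back into a dict, using the declared byte lengths."""
    fields, pos = {}, 0
    while True:
        nl = data.index(b"\n", pos)
        line, pos = data[pos:nl], nl + 1
        if line == b"END":
            return fields
        if not line.startswith(b"K "):
            raise ValueError("expected K record")
        klen = int(line[2:])
        key, pos = data[pos:pos + klen].decode("utf-8"), pos + klen + 1
        nl = data.index(b"\n", pos)
        vline, pos = data[pos:nl], nl + 1
        if not vline.startswith(b"V "):
            raise ValueError("expected V record")
        vlen = int(vline[2:])
        fields[key], pos = data[pos:pos + vlen].decode("utf-8"), pos + vlen + 1


class SimpleAuthCache:
    """Minimal model of ~/.subversion/auth/svn.simple/ with a pluggable key function."""

    def __init__(self, directory, key_func=svn_md5_key):
        self.directory = directory
        self.key_func = key_func

    def path_for(self, realm):
        return os.path.join(self.directory, self.key_func(realm))

    def store(self, realm, username, password):
        entry = {"passtype": "simple", "username": username,
                 "password": password, "svn:realmstring": realm}
        with open(self.path_for(realm), "wb") as f:
            f.write(dump_hash_file(entry))

    def _read(self, realm):
        try:
            with open(self.path_for(realm), "rb") as f:
                return parse_hash_file(f.read())
        except FileNotFoundError:
            return None

    def lookup_vulnerable(self, realm):
        """Pre-fix behaviour: whatever file the hash points at is accepted."""
        return self._read(realm)

    def lookup_fixed(self, realm):
        """Hardened lookup: the realm string stored inside the entry must match."""
        entry = self._read(realm)
        if entry is None or entry.get("svn:realmstring") != realm:
            return None
        return entry


def demo(key_func):
    """Cache alice's password for LEGIT_REALM, then let EVIL_REALM ask for it.
    Returns (password leaked by vulnerable lookup, password leaked by fixed lookup)."""
    with tempfile.TemporaryDirectory() as d:
        cache = SimpleAuthCache(d, key_func)
        cache.store(LEGIT_REALM, "alice", "s3cret")
        vuln = cache.lookup_vulnerable(EVIL_REALM)
        fixed = cache.lookup_fixed(EVIL_REALM)
        return (vuln["password"] if vuln else None,
                fixed["password"] if fixed else None)


if __name__ == "__main__":
    print("real MD5 key, distinct realms:", demo(svn_md5_key))  # (None, None)
    print("colliding key:", demo(colliding_key))                 # ('s3cret', None)
```

With the real MD5 key the two realms land in different files and neither lookup returns anything; with colliding keys the file-name-only lookup hands alice's password to the attacker's realm, while the lookup that re-checks svn:realmstring refuses the hit. Note that the hardened check is not a substitute for the update: it limits the damage of a collision, but the package fix is what removes the behaviour from the client.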

After installing the updated packages, for the update to take effect you
must restart the httpd daemon if you are using mod_dav_svn, and the svnserve
daemon if you are serving Subversion repositories over the svn:// protocol.
Clients only need the updated subversion and subversion-libs packages; no
restart is required for them.
--

SL7
  x86_64
    mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm
    subversion-1.7.14-7.el7_0.i686.rpm
    subversion-1.7.14-7.el7_0.x86_64.rpm
    subversion-debuginfo-1.7.14-7.el7_0.i686.rpm
    subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm
    subversion-devel-1.7.14-7.el7_0.i686.rpm
    subversion-devel-1.7.14-7.el7_0.x86_64.rpm
    subversion-gnome-1.7.14-7.el7_0.i686.rpm
    subversion-gnome-1.7.14-7.el7_0.x86_64.rpm
    subversion-javahl-1.7.14-7.el7_0.i686.rpm
    subversion-javahl-1.7.14-7.el7_0.x86_64.rpm
    subversion-kde-1.7.14-7.el7_0.i686.rpm
    subversion-kde-1.7.14-7.el7_0.x86_64.rpm
    subversion-libs-1.7.14-7.el7_0.i686.rpm
    subversion-libs-1.7.14-7.el7_0.x86_64.rpm
    subversion-perl-1.7.14-7.el7_0.i686.rpm
    subversion-perl-1.7.14-7.el7_0.x86_64.rpm
    subversion-python-1.7.14-7.el7_0.x86_64.rpm
    subversion-ruby-1.7.14-7.el7_0.i686.rpm
    subversion-ruby-1.7.14-7.el7_0.x86_64.rpm
    subversion-tools-1.7.14-7.el7_0.x86_64.rpm

- Scientific Linux Development Team
