
Scientific Linux SL6: SLSA-2015:1633-1 Moderate: Subversion Security Fix

Moderate: subversion security update
Date: Mon, 17 Aug 2015 16:37:04 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: subversion on SL6.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20150817163704.9756.9613@slpackages.fnal.gov>

Synopsis: Moderate: subversion security update
Advisory ID: SLSA-2015:1633-1
Issue Date: 2015-08-17
CVE Numbers: CVE-2015-0248
 CVE-2015-0251
 CVE-2015-3187
--

An assertion failure flaw was found in the way the SVN server processed
certain requests with dynamically evaluated revision numbers. A remote
attacker could use this flaw to cause the SVN server (both svnserve and
httpd with the mod_dav_svn module) to crash. (CVE-2015-0248)

It was found that the mod_dav_svn module did not properly validate the
svn:author property of certain requests. An attacker able to create new
revisions could use this flaw to spoof the svn:author property.
(CVE-2015-0251)

It was found that when an SVN server (both svnserve and httpd with the
mod_dav_svn module) searched the history of a file or a directory, it
would disclose its location in the repository if that file or directory
was not readable (for example, if it had been moved). (CVE-2015-3187)

After installing the updated packages, for the update to take effect, you
must restart the httpd daemon, if you are using mod_dav_svn, and the
svnserve daemon, if you are serving Subversion repositories via the svn://
protocol.
--

SL6
 x86_64
 mod_dav_svn-1.6.11-15.el6_7.x86_64.rpm
 subversion-1.6.11-15.el6_7.i686.rpm
 subversion-1.6.11-15.el6_7.x86_64.rpm
 subversion-debuginfo-1.6.11-15.el6_7.i686.rpm
 subversion-debuginfo-1.6.11-15.el6_7.x86_64.rpm
 subversion-devel-1.6.11-15.el6_7.i686.rpm
 subversion-devel-1.6.11-15.el6_7.x86_64.rpm
 subversion-gnome-1.6.11-15.el6_7.i686.rpm
 subversion-gnome-1.6.11-15.el6_7.x86_64.rpm
 subversion-javahl-1.6.11-15.el6_7.i686.rpm
 subversion-javahl-1.6.11-15.el6_7.x86_64.rpm
 subversion-kde-1.6.11-15.el6_7.i686.rpm
 subversion-kde-1.6.11-15.el6_7.x86_64.rpm
 subversion-perl-1.6.11-15.el6_7.i686.rpm
 subversion-perl-1.6.11-15.el6_7.x86_64.rpm
 subversion-ruby-1.6.11-15.el6_7.i686.rpm
 subversion-ruby-1.6.11-15.el6_7.x86_64.rpm
 i386
 mod_dav_svn-1.6.11-15.el6_7.i686.rpm
 subversion-1.6.11-15.el6_7.i686.rpm
 subversion-debuginfo-1.6.11-15.el6_7.i686.rpm
 subversion-devel-1.6.11-15.el6_7.i686.rpm
 subversion-gnome-1.6.11-15.el6_7.i686.rpm
 subversion-javahl-1.6.11-15.el6_7.i686.rpm
 subversion-kde-1.6.11-15.el6_7.i686.rpm
 subversion-perl-1.6.11-15.el6_7.i686.rpm
 subversion-ruby-1.6.11-15.el6_7.i686.rpm
 noarch
 subversion-svn2cl-1.6.11-15.el6_7.noarch.rpm

- Scientific Linux Development Team
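
One way to check a host against the fixed build listed above and see which daemons the restart step applies to. This is an added example, not part of the original advisory; the simplified `rpmvercmp`, the package-to-daemon mapping and the sample `rpm` output are assumptions made for illustration.

```python
import re

# Fixed build from this advisory's SL6 package list.
FIXED_VERSION, FIXED_RELEASE = "1.6.11", "15.el6_7"
# Daemons the advisory says to restart. Assumption: a host with mod_dav_svn
# serves over httpd, and one with subversion may be running svnserve.
RESTART = {"mod_dav_svn": "httpd", "subversion": "svnserve"}

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are skipped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm ordering (no '~' or '^' support): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks letters
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def is_fixed(version, release):
    c = rpmvercmp(version, FIXED_VERSION)
    return c > 0 or (c == 0 and rpmvercmp(release, FIXED_RELEASE) >= 0)

def audit(rpm_lines):
    r"""Lines as printed by: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
    Returns (packages older than the fix, daemons to restart after updating)."""
    outdated, restart = [], set()
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 3 or not re.match(r"(subversion|mod_dav_svn)\b", parts[0]):
            continue  # unrelated package or an rpm error line
        name, version, release = parts
        if name in RESTART:
            restart.add(RESTART[name])
        if not is_fixed(version, release):
            outdated.append(f"{name}-{version}-{release}")
    return outdated, sorted(restart)

# Constructed sample output, not taken from a real host.
SAMPLE = ["subversion 1.6.11 11.el6_5", "mod_dav_svn 1.6.11 15.el6_7",
          "subversion-perl 1.6.11 15.el6_7", "httpd 2.2.15 47.el6"]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
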