Security, Performance updates, fixes blocker with crashing httpd BZ 1708248.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-17556e2ad6
2019-05-10 02:21:33.370624
--------------------------------------------------------------------------------

Name        : mod_cluster
Product     : Fedora 29
Version     : 1.3.11
Release     : 1.fc29
URL         : https://www.modcluster.io/
Summary     : Apache HTTP Server dynamic load balancer with Wildfly and Tomcat libraries
Description :
Mod_cluster is an httpd-based load balancer. Like mod_jk and mod_proxy, mod_cluster uses a communication channel to forward requests from httpd to one of a set of application server nodes. Unlike mod_jk and mod_proxy, mod_cluster leverages an additional connection between the application server nodes and httpd. The application server nodes use this connection to transmit server-side load balance factors and lifecycle events back to httpd via a custom set of HTTP methods, affectionately called the Mod-Cluster Management Protocol (MCMP). This additional feedback channel allows mod_cluster to offer a level of intelligence and granularity not found in other load balancing solutions.

--------------------------------------------------------------------------------
Update Information:

Security, Performance updates, fixes blocker with crashing httpd BZ 1708248
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 9 2019 Michal Karm Babacek 1.3.11-1
- Updates comments about Selinux in mod_cluster.conf
- Removes Java libs for Tomcat 8 and Wildfly 10, to be reintroduced for Tomcat 9 in a separate package
- Fix for MODCLUSTER-690
- Back port upstream warning fixes
- Fix for MODCLUSTER-543
- Fix for MODCLUSTER-684
- Fix 503 found while investigating MODCLUSTER-684
- Fix for JBCS-634 decrease loops per vhosts for balancer changes
- Fix for MODCLUSTER-622 segfault in process_info
- Fix for MODCLUSTER-582 and clean some C++ comments
- Fix for MODCLUSTER-590 - workers array for Deterministic failover is now allocated dynamically
- Fix for MODCLUSTER-526 We don't use helper->shared if it's already NULL
- Fix for MODCLUSTER-550 Failover targets should be chosen deterministically
- Fix for MODCLUSTER-547
- Fix CVE-2016-8612 JBCS-193
- Fix for MODCLUSTER-522
- Fix for MODCLUSTER-534 update to MODCLUSTER-435 normalizing balancer name
- Security enhancements for protocol parser
* Fri Feb 1 2019 Fedora Release Engineering - 1.3.3-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering - 1.3.3-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Fedora Release Engineering - 1.3.3-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1374210 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1374210
  [ 2 ] Bug #1708248 - Segfaults in Apache after updating packages (using mod_cluster and mod_ssl)
        https://bugzilla.redhat.com/show_bug.cgi?id=1708248
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use

    su -c 'dnf upgrade --advisory FEDORA-2019-17556e2ad6'

at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Moderate: httpd security update.

Date: Fri, 4 Apr 2014 18:27:21 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Bonnie King
Subject: Security ERRATA Moderate: httpd on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: httpd security update
Advisory ID: SLSA-2014:0369-1
Issue Date: 2014-04-03
CVE Numbers: CVE-2013-6438 CVE-2014-0098
--

It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. (CVE-2013-6438)

A buffer over-read flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled (on Scientific Linux it is disabled by default), a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed cookie header. (CVE-2014-0098)

After installing the updated packages, the httpd daemon will be restarted automatically.
--

SL5
  x86_64
    httpd-2.2.3-85.el5_10.x86_64.rpm
    httpd-debuginfo-2.2.3-85.el5_10.x86_64.rpm
    mod_ssl-2.2.3-85.el5_10.x86_64.rpm
    httpd-debuginfo-2.2.3-85.el5_10.i386.rpm
    httpd-devel-2.2.3-85.el5_10.i386.rpm
    httpd-devel-2.2.3-85.el5_10.x86_64.rpm
    httpd-manual-2.2.3-85.el5_10.x86_64.rpm
  i386
    httpd-2.2.3-85.el5_10.i386.rpm
    httpd-debuginfo-2.2.3-85.el5_10.i386.rpm
    mod_ssl-2.2.3-85.el5_10.i386.rpm
    httpd-devel-2.2.3-85.el5_10.i386.rpm
    httpd-manual-2.2.3-85.el5_10.i386.rpm

- Scientific Linux Development Team

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: subversion security update
Advisory ID: RHSA-2013:0737-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2013:0737.html
Issue date: 2013-04-11
CVE Names: CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849
====================================================================

1. Summary:

Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled PROPFIND requests on activity URLs. A remote attacker could use this flaw to cause the httpd process serving the request to crash. (CVE-2013-1849)

A flaw was found in the way the mod_dav_svn module handled large numbers of properties (such as those set with the "svn propset" command). A malicious, remote user could use this flaw to cause the httpd process serving the request to consume an excessive amount of system memory. (CVE-2013-1845)

Two NULL pointer dereference flaws were found in the way the mod_dav_svn module handled LOCK requests on certain types of URLs. A malicious, remote user could use these flaws to cause the httpd process serving the request to crash. (CVE-2013-1846, CVE-2013-1847)

Note: The CVE-2013-1849, CVE-2013-1846, and CVE-2013-1847 issues only caused a temporary denial of service, as the Apache HTTP Server started a new process to replace the crashed child process. When using prefork MPM, the crash only affected the attacker. When using worker (threaded) MPM, the connections of other users may have been interrupted.

Red Hat would like to thank the Apache Subversion project for reporting these issues. Upstream acknowledges Alexander Klink as the original reporter of CVE-2013-1845; Ben Reser as the original reporter of CVE-2013-1846; and Philip Martin and Ben Reser as the original reporters of CVE-2013-1847.

All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, you must restart the httpd daemon, if you are using mod_dav_svn, for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

929082 - CVE-2013-1845 Subversion (mod_dav_svn): DoS (excessive memory use) when large number of properties are set or deleted
929087 - CVE-2013-1846 Subversion (mod_dav_svn): DoS (crash) via LOCK requests against an activity URL
929090 - CVE-2013-1847 Subversion (mod_dav_svn): DoS (crash) via LOCK requests against a non-existent URL
929093 - CVE-2013-1849 Subversion (mod_dav_svn): DoS (crash) via PROPFIND request made against activity URLs

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
mod_dav_svn-1.6.11-11.el5_9.i386.rpm
subversion-1.6.11-11.el5_9.i386.rpm
subversion-debuginfo-1.6.11-11.el5_9.i386.rpm
subversion-devel-1.6.11-11.el5_9.i386.rpm
subversion-javahl-1.6.11-11.el5_9.i386.rpm
subversion-perl-1.6.11-11.el5_9.i386.rpm
subversion-ruby-1.6.11-11.el5_9.i386.rpm

x86_64:
mod_dav_svn-1.6.11-11.el5_9.x86_64.rpm
subversion-1.6.11-11.el5_9.i386.rpm
subversion-1.6.11-11.el5_9.x86_64.rpm
subversion-debuginfo-1.6.11-11.el5_9.i386.rpm
subversion-debuginfo-1.6.11-11.el5_9.x86_64.rpm
subversion-devel-1.6.11-11.el5_9.i386.rpm
subversion-devel-1.6.11-11.el5_9.x86_64.rpm
subversion-javahl-1.6.11-11.el5_9.x86_64.rpm
subversion-perl-1.6.11-11.el5_9.x86_64.rpm
subversion-ruby-1.6.11-11.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
mod_dav_svn-1.6.11-11.el5_9.i386.rpm
subversion-1.6.11-11.el5_9.i386.rpm
subversion-debuginfo-1.6.11-11.el5_9.i386.rpm
subversion-devel-1.6.11-11.el5_9.i386.rpm
subversion-javahl-1.6.11-11.el5_9.i386.rpm
subversion-perl-1.6.11-11.el5_9.i386.rpm
subversion-ruby-1.6.11-11.el5_9.i386.rpm

ia64:
mod_dav_svn-1.6.11-11.el5_9.ia64.rpm
subversion-1.6.11-11.el5_9.ia64.rpm
subversion-debuginfo-1.6.11-11.el5_9.ia64.rpm
subversion-devel-1.6.11-11.el5_9.ia64.rpm
subversion-javahl-1.6.11-11.el5_9.ia64.rpm
subversion-perl-1.6.11-11.el5_9.ia64.rpm
subversion-ruby-1.6.11-11.el5_9.ia64.rpm

ppc:
mod_dav_svn-1.6.11-11.el5_9.ppc.rpm
subversion-1.6.11-11.el5_9.ppc.rpm
subversion-1.6.11-11.el5_9.ppc64.rpm
subversion-debuginfo-1.6.11-11.el5_9.ppc.rpm
subversion-debuginfo-1.6.11-11.el5_9.ppc64.rpm
subversion-devel-1.6.11-11.el5_9.ppc.rpm
subversion-devel-1.6.11-11.el5_9.ppc64.rpm
subversion-javahl-1.6.11-11.el5_9.ppc.rpm
subversion-perl-1.6.11-11.el5_9.ppc.rpm
subversion-ruby-1.6.11-11.el5_9.ppc.rpm

s390x:
mod_dav_svn-1.6.11-11.el5_9.s390x.rpm
subversion-1.6.11-11.el5_9.s390.rpm
subversion-1.6.11-11.el5_9.s390x.rpm
subversion-debuginfo-1.6.11-11.el5_9.s390.rpm
subversion-debuginfo-1.6.11-11.el5_9.s390x.rpm
subversion-devel-1.6.11-11.el5_9.s390.rpm
subversion-devel-1.6.11-11.el5_9.s390x.rpm
subversion-javahl-1.6.11-11.el5_9.s390x.rpm
subversion-perl-1.6.11-11.el5_9.s390x.rpm
subversion-ruby-1.6.11-11.el5_9.s390x.rpm

x86_64:
mod_dav_svn-1.6.11-11.el5_9.x86_64.rpm
subversion-1.6.11-11.el5_9.i386.rpm
subversion-1.6.11-11.el5_9.x86_64.rpm
subversion-debuginfo-1.6.11-11.el5_9.i386.rpm
subversion-debuginfo-1.6.11-11.el5_9.x86_64.rpm
subversion-devel-1.6.11-11.el5_9.i386.rpm
subversion-devel-1.6.11-11.el5_9.x86_64.rpm
subversion-javahl-1.6.11-11.el5_9.x86_64.rpm
subversion-perl-1.6.11-11.el5_9.x86_64.rpm
subversion-ruby-1.6.11-11.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:

i386:
mod_dav_svn-1.6.11-9.el6_4.i686.rpm
subversion-1.6.11-9.el6_4.i686.rpm
subversion-debuginfo-1.6.11-9.el6_4.i686.rpm
subversion-devel-1.6.11-9.el6_4.i686.rpm
subversion-gnome-1.6.11-9.el6_4.i686.rpm
subversion-javahl-1.6.11-9.el6_4.i686.rpm
subversion-kde-1.6.11-9.el6_4.i686.rpm
subversion-perl-1.6.11-9.el6_4.i686.rpm
subversion-ruby-1.6.11-9.el6_4.i686.rpm

noarch:
subversion-svn2cl-1.6.11-9.el6_4.noarch.rpm

x86_64:
mod_dav_svn-1.6.11-9.el6_4.x86_64.rpm
subversion-1.6.11-9.el6_4.i686.rpm
subversion-1.6.11-9.el6_4.x86_64.rpm
subversion-debuginfo-1.6.11-9.el6_4.i686.rpm
subversion-debuginfo-1.6.11-9.el6_4.x86_64.rpm
subversion-devel-1.6.11-9.el6_4.i686.rpm
subversion-devel-1.6.11-9.el6_4.x86_64.rpm
subversion-gnome-1.6.11-9.el6_4.i686.rpm
subversion-gnome-1.6.11-9.el6_4.x86_64.rpm
subversion-javahl-1.6.11-9.el6_4.i686.rpm
subversion-javahl-1.6.11-9.el6_4.x86_64.rpm
subversion-kde-1.6.11-9.el6_4.i686.rpm
subversion-kde-1.6.11-9.el6_4.x86_64.rpm
subversion-perl-1.6.11-9.el6_4.i686.rpm
subversion-perl-1.6.11-9.el6_4.x86_64.rpm
subversion-ruby-1.6.11-9.el6_4.i686.rpm
subversion-ruby-1.6.11-9.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:

noarch:
subversion-svn2cl-1.6.11-9.el6_4.noarch.rpm

x86_64:
mod_dav_svn-1.6.11-9.el6_4.x86_64.rpm
subversion-1.6.11-9.el6_4.i686.rpm
subversion-1.6.11-9.el6_4.x86_64.rpm
subversion-debuginfo-1.6.11-9.el6_4.i686.rpm
subversion-debuginfo-1.6.11-9.el6_4.x86_64.rpm
subversion-devel-1.6.11-9.el6_4.i686.rpm
subversion-devel-1.6.11-9.el6_4.x86_64.rpm
subversion-gnome-1.6.11-9.el6_4.i686.rpm
subversion-gnome-1.6.11-9.el6_4.x86_64.rpm
subversion-javahl-1.6.11-9.el6_4.i686.rpm
subversion-javahl-1.6.11-9.el6_4.x86_64.rpm
subversion-kde-1.6.11-9.el6_4.i686.rpm
subversion-kde-1.6.11-9.el6_4.x86_64.rpm
subversion-perl-1.6.11-9.el6_4.i686.rpm
subversion-perl-1.6.11-9.el6_4.x86_64.rpm
subversion-ruby-1.6.11-9.el6_4.i686.rpm
subversion-ruby-1.6.11-9.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
mod_dav_svn-1.6.11-9.el6_4.i686.rpm
subversion-1.6.11-9.el6_4.i686.rpm
subversion-debuginfo-1.6.11-9.el6_4.i686.rpm
subversion-javahl-1.6.11-9.el6_4.i686.rpm

ppc64:
mod_dav_svn-1.6.11-9.el6_4.ppc64.rpm
subversion-1.6.11-9.el6_4.ppc.rpm
subversion-1.6.11-9.el6_4.ppc64.rpm
subversion-debuginfo-1.6.11-9.el6_4.ppc.rpm
subversion-debuginfo-1.6.11-9.el6_4.ppc64.rpm

s390x:
mod_dav_svn-1.6.11-9.el6_4.s390x.rpm
subversion-1.6.11-9.el6_4.s390.rpm
subversion-1.6.11-9.el6_4.s390x.rpm
subversion-debuginfo-1.6.11-9.el6_4.s390.rpm
subversion-debuginfo-1.6.11-9.el6_4.s390x.rpm

x86_64:
mod_dav_svn-1.6.11-9.el6_4.x86_64.rpm
subversion-1.6.11-9.el6_4.i686.rpm
subversion-1.6.11-9.el6_4.x86_64.rpm
subversion-debuginfo-1.6.11-9.el6_4.i686.rpm
subversion-debuginfo-1.6.11-9.el6_4.x86_64.rpm
subversion-javahl-1.6.11-9.el6_4.i686.rpm
subversion-javahl-1.6.11-9.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:

i386:
subversion-debuginfo-1.6.11-9.el6_4.i686.rpm
subversion-devel-1.6.11-9.el6_4.i686.rpm
subversion-gnome-1.6.11-9.el6_4.i686.rpm
subversion-kde-1.6.11-9.el6_4.i686.rpm
subversion-perl-1.6.11-9.el6_4.i686.rpm
subversion-ruby-1.6.11-9.el6_4.i686.rpm

noarch:
subversion-svn2cl-1.6.11-9.el6_4.noarch.rpm

ppc64:
subversion-debuginfo-1.6.11-9.el6_4.ppc.rpm
subversion-debuginfo-1.6.11-9.el6_4.ppc64.rpm
subversion-devel-1.6.11-9.el6_4.ppc.rpm
subversion-devel-1.6.11-9.el6_4.ppc64.rpm
subversion-gnome-1.6.11-9.el6_4.ppc.rpm
subversion-gnome-1.6.11-9.el6_4.ppc64.rpm
subversion-javahl-1.6.11-9.el6_4.ppc.rpm
subversion-javahl-1.6.11-9.el6_4.ppc64.rpm
subversion-kde-1.6.11-9.el6_4.ppc.rpm
subversion-kde-1.6.11-9.el6_4.ppc64.rpm
subversion-perl-1.6.11-9.el6_4.ppc.rpm
subversion-perl-1.6.11-9.el6_4.ppc64.rpm
subversion-ruby-1.6.11-9.el6_4.ppc.rpm
subversion-ruby-1.6.11-9.el6_4.ppc64.rpm

s390x:
subversion-debuginfo-1.6.11-9.el6_4.s390.rpm
subversion-debuginfo-1.6.11-9.el6_4.s390x.rpm
subversion-devel-1.6.11-9.el6_4.s390.rpm
subversion-devel-1.6.11-9.el6_4.s390x.rpm
subversion-gnome-1.6.11-9.el6_4.s390.rpm
subversion-gnome-1.6.11-9.el6_4.s390x.rpm
subversion-javahl-1.6.11-9.el6_4.s390.rpm
subversion-javahl-1.6.11-9.el6_4.s390x.rpm
subversion-kde-1.6.11-9.el6_4.s390.rpm
subversion-kde-1.6.11-9.el6_4.s390x.rpm
subversion-perl-1.6.11-9.el6_4.s390.rpm
subversion-perl-1.6.11-9.el6_4.s390x.rpm
subversion-ruby-1.6.11-9.el6_4.s390.rpm
subversion-ruby-1.6.11-9.el6_4.s390x.rpm

x86_64:
subversion-debuginfo-1.6.11-9.el6_4.i686.rpm
subversion-debuginfo-1.6.11-9.el6_4.x86_64.rpm
subversion-devel-1.6.11-9.el6_4.i686.rpm
subversion-devel-1.6.11-9.el6_4.x86_64.rpm
subversion-gnome-1.6.11-9.el6_4.i686.rpm
subversion-gnome-1.6.11-9.el6_4.x86_64.rpm
subversion-kde-1.6.11-9.el6_4.i686.rpm
subversion-kde-1.6.11-9.el6_4.x86_64.rpm
subversion-perl-1.6.11-9.el6_4.i686.rpm
subversion-perl-1.6.11-9.el6_4.x86_64.rpm
subversion-ruby-1.6.11-9.el6_4.i686.rpm
subversion-ruby-1.6.11-9.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
mod_dav_svn-1.6.11-9.el6_4.i686.rpm
subversion-1.6.11-9.el6_4.i686.rpm
subversion-debuginfo-1.6.11-9.el6_4.i686.rpm
subversion-javahl-1.6.11-9.el6_4.i686.rpm

x86_64:
mod_dav_svn-1.6.11-9.el6_4.x86_64.rpm
subversion-1.6.11-9.el6_4.i686.rpm
subversion-1.6.11-9.el6_4.x86_64.rpm
subversion-debuginfo-1.6.11-9.el6_4.i686.rpm
subversion-debuginfo-1.6.11-9.el6_4.x86_64.rpm
subversion-javahl-1.6.11-9.el6_4.i686.rpm
subversion-javahl-1.6.11-9.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:

i386:
subversion-debuginfo-1.6.11-9.el6_4.i686.rpm
subversion-devel-1.6.11-9.el6_4.i686.rpm
subversion-gnome-1.6.11-9.el6_4.i686.rpm
subversion-kde-1.6.11-9.el6_4.i686.rpm
subversion-perl-1.6.11-9.el6_4.i686.rpm
subversion-ruby-1.6.11-9.el6_4.i686.rpm

noarch:
subversion-svn2cl-1.6.11-9.el6_4.noarch.rpm

x86_64:
subversion-debuginfo-1.6.11-9.el6_4.i686.rpm
subversion-debuginfo-1.6.11-9.el6_4.x86_64.rpm
subversion-devel-1.6.11-9.el6_4.i686.rpm
subversion-devel-1.6.11-9.el6_4.x86_64.rpm
subversion-gnome-1.6.11-9.el6_4.i686.rpm
subversion-gnome-1.6.11-9.el6_4.x86_64.rpm
subversion-kde-1.6.11-9.el6_4.i686.rpm
subversion-kde-1.6.11-9.el6_4.x86_64.rpm
subversion-perl-1.6.11-9.el6_4.i686.rpm
subversion-perl-1.6.11-9.el6_4.x86_64.rpm
subversion-ruby-1.6.11-9.el6_4.i686.rpm
subversion-ruby-1.6.11-9.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2013-1845
https://access.redhat.com/security/cve/CVE-2013-1846
https://access.redhat.com/security/cve/CVE-2013-1847
https://access.redhat.com/security/cve/CVE-2013-1849
https://access.redhat.com/security/updates/classification#moderate
https://subversion.apache.org/security/CVE-2013-1849-advisory.txt
https://subversion.apache.org/security/CVE-2013-1845-advisory.txt
https://subversion.apache.org/security/CVE-2013-1846-advisory.txt
https://subversion.apache.org/security/CVE-2013-1847-advisory.txt

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2013 Red Hat, Inc.

Moderate: subversion security update.

Date: Wed, 8 Jun 2011 16:12:52 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Moderate: subversion on SL4.x i386/x86_64
Comments: To: "

Moderate: subversion security update.

Date: Thu, 17 Feb 2011 15:35:40 -0600
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Moderate: subversion on SL5.x i386/x86_64
Comments: To: "

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-308
2004-09-16
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : apr-util
Version     : 0.9.4
Release     : 14.2
Summary     : Apache Portable Runtime Utility library
Description :
The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing and more.

---------------------------------------------------------------------
Update Information:

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child process could be made to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0786 to this issue.

This update includes a backported fix for this issue.
---------------------------------------------------------------------
* Tue Sep 14 2004 Joe Orton 0.9.4-14.2

- add security fix for CAN-2004-0786

---------------------------------------------------------------------
This update can be downloaded from:

707beabca3584d07dbcd3614b80093cb  SRPMS/apr-util-0.9.4-14.2.src.rpm
902896dacdd450d100949c5a5af98f93  x86_64/apr-util-0.9.4-14.2.x86_64.rpm
58781e97602be02bb0b37d7039aaed78  x86_64/apr-util-devel-0.9.4-14.2.x86_64.rpm
02ef6a9f2c5651c7db6cd33432b86058  x86_64/debug/apr-util-debuginfo-0.9.4-14.2.x86_64.rpm
70b1159aff827af2930b5488064c4a00  i386/apr-util-0.9.4-14.2.i386.rpm
f602170d5cf714238b2a91f4ce4ae052  i386/apr-util-devel-0.9.4-14.2.i386.rpm
d9b03f13abf22c32ac291da2ce2a5a10  i386/debug/apr-util-debuginfo-0.9.4-14.2.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------