LinuxSecurity.com
Mandriva: 2013:152: subversion
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:152
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : subversion
 Date    : April 26, 2013
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in subversion:
 
 Subversion's mod_dav_svn Apache HTTPD server module will use excessive
 amounts of memory when a large number of properties are set or deleted
 on a node. This can lead to a DoS. There are no known instances of
 this problem being observed in the wild (CVE-2013-1845).
 
 Subversion's mod_dav_svn Apache HTTPD server module will crash when
 a LOCK request is made against activity URLs. This can lead to a
 DoS. There are no known instances of this problem being observed in
 the wild (CVE-2013-1846).
 
 Subversion's mod_dav_svn Apache HTTPD server module will crash in
 some circumstances when a LOCK request is made against a non-existent
 URL. This can lead to a DoS. There are no known instances of this
 problem being observed in the wild (CVE-2013-1847).
 
 Subversion's mod_dav_svn Apache HTTPD server module will crash when
 a PROPFIND request is made against activity URLs. This can lead to a
 DoS. There are no known instances of this problem being observed in
 the wild, but the details of how to exploit it have been disclosed
 on the full disclosure mailing list (CVE-2013-1849).
 
 The updated packages have been upgraded to the 1.6.21 version which
 is not affected by these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1849
 http://subversion.apache.org/security/CVE-2013-1845-advisory.txt
 http://subversion.apache.org/security/CVE-2013-1846-advisory.txt
 http://subversion.apache.org/security/CVE-2013-1847-advisory.txt
 http://subversion.apache.org/security/CVE-2013-1849-advisory.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
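
To confirm that a host has picked up the fix, the installed Subversion packages can be compared against the 1.6.21 build named in this advisory. The script below is an added example, not part of the Mandriva advisory: the inventory is a constructed sample in the format printed by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`, and the comparison is a simplified form of RPM's version ordering that assumes no epoch is set.

```python
import re

# Fixed version and release, taken from the advisory's package file names.
FIXED = ("1.6.21", "0.1mdvmes5.2")
# Package names listed in the advisory (i586 and x86_64 variants).
AFFECTED = {
    "apache-mod_dav_svn", "apache-mod_dontdothat", "libsvn0", "lib64svn0",
    "libsvnjavahl1", "lib64svnjavahl1", "perl-SVN", "python-svn", "ruby-svn",
    "subversion", "subversion-devel", "subversion-doc", "subversion-server",
    "subversion-tools", "svn-javahl",
}

def _segments(s):
    # Runs of digits or letters; separators such as "." and "_" are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Return -1, 0 or 1 using the basic RPM segment-by-segment rules."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(version, release):
    c = vercmp(version, FIXED[0])
    return c > 0 or (c == 0 and vercmp(release, FIXED[1]) >= 0)

def audit(inventory):
    """Return the sorted names of affected packages older than the fixed build."""
    stale = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] in AFFECTED and not is_fixed(parts[1], parts[2]):
            stale.append(parts[0])
    return sorted(stale)

# Constructed sample inventory (NAME VERSION RELEASE), not real host data.
SAMPLE = """\
subversion 1.6.17 0.1mdvmes5.2
apache-mod_dav_svn 1.6.17 0.1mdvmes5.2
lib64svn0 1.6.21 0.1mdvmes5.2
subversion-tools 1.6.9 2mdvmes5
openssl 0.9.8h 3.10mdvmes5.2
"""

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print("needs update:", name)
```

Any package the script reports is still on a build older than 1.6.21-0.1mdvmes5.2 and should be updated with MandrivaUpdate or urpmi as described above.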