LinuxSecurity.com
Mandriva: 2013:153: subversion
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:153
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : subversion
 Date    : April 26, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in subversion:
 
 Subversion's mod_dav_svn Apache HTTPD server module will use excessive
 amounts of memory when a large number of properties are set or deleted
 on a node. This can lead to a DoS. There are no known instances of
 this problem being observed in the wild (CVE-2013-1845).
 
 Subversion's mod_dav_svn Apache HTTPD server module will crash when
 a LOCK request is made against activity URLs. This can lead to a
 DoS. There are no known instances of this problem being observed in
 the wild (CVE-2013-1846).
 
 Subversion's mod_dav_svn Apache HTTPD server module will crash in
 some circumstances when a LOCK request is made against a non-existent
 URL. This can lead to a DoS. There are no known instances of this
 problem being observed in the wild (CVE-2013-1847).
 
 Subversion's mod_dav_svn Apache HTTPD server module will crash when
 a PROPFIND request is made against activity URLs. This can lead to a
 DoS. There are no known instances of this problem being observed in
 the wild, but the details of how to exploit it have been disclosed
 on the full disclosure mailing list (CVE-2013-1849).
 
 Subversion's mod_dav_svn Apache HTTPD server module will crash when
 a log REPORT request receives a limit that is out of the allowed
 range. This can lead to a DoS. There are no known instances of this
 problem being used as a DoS in the wild (CVE-2013-1884).
 
 The updated packages have been upgraded to the 1.7.9 version which
 is not affected by these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1849
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1884
 http://subversion.apache.org/security/CVE-2013-1845-advisory.txt
 http://subversion.apache.org/security/CVE-2013-1846-advisory.txt
 http://subversion.apache.org/security/CVE-2013-1847-advisory.txt
 http://subversion.apache.org/security/CVE-2013-1849-advisory.txt
 http://subversion.apache.org/security/CVE-2013-1884-advisory.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 5ce768e2fb87f929434ef1523af5f071  mbs1/x86_64/apache-mod_dav_svn-1.7.9-0.1.mbs1.x86_64.rpm
 fee5a24ddf1f71b779a4dafe8798b485  mbs1/x86_64/lib64svn0-1.7.9-0.1.mbs1.x86_64.rpm
 96dea89acc95859c1f702b61d523a0fc  mbs1/x86_64/lib64svn-gnome-keyring0-1.7.9-0.1.mbs1.x86_64.rpm
 51a0fdeeb2fa19ed4bb30425d65600c1  mbs1/x86_64/lib64svnjavahl1-1.7.9-0.1.mbs1.x86_64.rpm
 04e18cbeb0f37df16834201404e2bf63  mbs1/x86_64/perl-SVN-1.7.9-0.1.mbs1.x86_64.rpm
 20d1650aa89db3d90be1e29cff922969  mbs1/x86_64/perl-svn-devel-1.7.9-0.1.mbs1.x86_64.rpm
 c06608b6f9b2d7a071a4cd26e98f1509  mbs1/x86_64/python-svn-1.7.9-0.1.mbs1.x86_64.rpm
 737c19de39f6b423c9896915de707b5c  mbs1/x86_64/python-svn-devel-1.7.9-0.1.mbs1.x86_64.rpm
 5ef1ba9b11b30da2c44a7460c778e914  mbs1/x86_64/ruby-svn-1.7.9-0.1.mbs1.x86_64.rpm
 b48654f667bc791c33cc4e733ff5703c  mbs1/x86_64/ruby-svn-devel-1.7.9-0.1.mbs1.x86_64.rpm
 21c38964a176a5019f96068db6451b98  mbs1/x86_64/subversion-1.7.9-0.1.mbs1.x86_64.rpm
 5ae9deda5675d71ff640be147a348be9  mbs1/x86_64/subversion-devel-1.7.9-0.1.mbs1.x86_64.rpm
 e0619bb815343f3b95c5d9a6f13c0e70  mbs1/x86_64/subversion-doc-1.7.9-0.1.mbs1.x86_64.rpm
 c7220afc2ec2488209ffa2fbd58e001d  mbs1/x86_64/subversion-gnome-keyring-devel-1.7.9-0.1.mbs1.x86_64.rpm
 930d7ad076e0d1090f0a915c9e83d0df  mbs1/x86_64/subversion-server-1.7.9-0.1.mbs1.x86_64.rpm
 34c88101115b1b50500b57686c335933  mbs1/x86_64/subversion-tools-1.7.9-0.1.mbs1.x86_64.rpm
 615cd168dbbf2f465b5163f3a6bb98f0  mbs1/x86_64/svn-javahl-1.7.9-0.1.mbs1.x86_64.rpm 
 7cd8e2e90870fb9f42bb3c902db97edf  mbs1/SRPMS/subversion-1.7.9-0.1.mbs1.src.rpm
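
 The following check is an added example, not part of the Mandriva advisory: it flags installed Subversion packages older than the fixed 1.7.9 version. The function names and the sample inventory are constructed for illustration, and only the upstream version is compared (the 0.1.mbs1 release field is ignored).

```shell
#!/bin/sh
# Added example, not part of the Mandriva advisory.
FIXED_VERSION="1.7.9"   # fixed upstream version named in the advisory

# Constructed sample inventory in "name version" form, i.e. the output of:
#   rpm -qa --qf '%{NAME} %{VERSION}\n'
sample_inventory() {
    printf '%s\n' \
        'apache-mod_dav_svn 1.7.8' \
        'subversion 1.7.8' \
        'subversion-server 1.7.10' \
        'lib64svn0 1.7.9' \
        'openssl 1.0.0'
}

# Reads "name version" lines on stdin; prints Subversion packages
# whose version is older than FIXED_VERSION.
find_unpatched() {
    awk -v fixed="$FIXED_VERSION" '
    # Numeric, component-wise comparison so that 1.7.10 is newer than 1.7.9.
    function older(a, b,    x, y, n, m, i, len) {
        n = split(a, x, "[.]"); m = split(b, y, "[.]")
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            if ((x[i] + 0) < (y[i] + 0)) return 1
            if ((x[i] + 0) > (y[i] + 0)) return 0
        }
        return 0
    }
    # Name prefixes cover every binary package in the advisory list.
    $1 ~ /^(subversion|apache-mod_dav_svn|lib64svn|perl-SVN|perl-svn|python-svn|ruby-svn|svn-javahl)/ &&
        older($2, fixed) { print $1, $2 }'
}

sample_inventory | find_unpatched
```

 On a real host, pipe the rpm query shown in the comment into find_unpatched instead of the sample inventory. A flagged apache-mod_dav_svn package is the one that matters most, since all five issues are in that server module.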
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________