Debian: 2703-1: subversion: Multiple vulnerabilities
Posted by Benjamin D. Thomas   
Debian Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2703-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
June 09, 2013                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : subversion
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1968 CVE-2013-2112
Debian Bug     : 711033

Several vulnerabilities were discovered in Subversion, a version control
system. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2013-1968

    Subversion repositories with the FSFS repository data store format
    can be corrupted by newline characters in filenames. A remote
    attacker with a malicious client could use this flaw to disrupt the
    service for other users using that repository.

CVE-2013-2112

    Subversion's svnserve server process may exit when an incoming TCP
    connection is closed early in the connection process. A remote
    attacker can cause svnserve to exit and thus deny service to users
    of the server.

For the oldstable distribution (squeeze), these problems have been fixed in
version 1.6.12dfsg-7.

For the stable distribution (wheezy), these problems have been fixed in
version 1.6.17dfsg-4+deb7u3.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your subversion packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----