ID

VAR-201106-0192

CVE

CVE-2011-1783

TITLE

Apache Subversion Used in Apache HTTP Server Service disruption in (DoS) Vulnerabilities

DESCRIPTION

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. Apache Subversion is prone to multiple vulnerabilities, including two denial-of-service issues and an information-disclosure issue. Attackers can exploit these issues to crash the application, exhaust all memory resources, or obtain potentially sensitive information. Versions prior to Subversion 1.6.17 are vulnerable. The server is fast, reliable and extensible through a simple API. The mod_dav_svn Apache HTTPD server module may in certain cenarios enter a logic loop which does not exit and which allocates emory in each iteration, ultimately exhausting all the available emory on the server which can lead to a DoS (Denial Of Service) (CVE-2011-1783). The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users (CVE-2011-1921). Packages for 2009.0 are provided as of the Extended Maintenance Program. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFN6cg2mqjQ0CJFipgRAqj2AKCRyKt813e0OmWSTU5bL58KCmUwowCfT6RY DDOtowgSctAg4EX+tLXIvRQ= =zsmM -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001 OS X Lion v10.7.3 and Security Update 2012-001 is now available and addresses the following: Address Book Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker in a privileged network position may intercept CardDAV data Description: Address Book supports Secure Sockets Layer (SSL) for accessing CardDAV. A downgrade issue caused Address Book to attempt an unencrypted connection if an encrypted connection failed. An attacker in a privileged network position could abuse this behavior to intercept CardDAV data. This issue is addressed by not downgrading to an unencrypted connection without user approval. CVE-ID CVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.21 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-3348 Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Apache disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by providing a configuration parameter to control the countermeasure and enabling it by default. CVE-ID CVE-2011-3389 CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send the request to an incorrect origin server. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3447 : Erling Ellingsen of Facebook ColorSync Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative CoreAudio Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of AAC encoded audio streams. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day Initiative CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in CoreMedia's handling of H.264 encoded movie files. CVE-ID CVE-2011-3448 : Scott Stender of iSEC Partners CoreText Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of font files. CVE-ID CVE-2011-3449 : Will Dormann of the CERT/CC CoreUI Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of long URLs. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3450 : Ben Syverson curl Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote server may be able to impersonate clients via GSSAPI requests Description: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This issue is addressed by disabling GSSAPI credential delegation. CVE-ID CVE-2011-2192 Data Security Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue. dovecot Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Dovecot disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling the countermeasure. CVE-ID CVE-2011-3389 : Apple filecmds Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Decompressing a maliciously crafted compressed file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the 'uncompress' command line tool. CVE-ID CVE-2011-2895 ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue is address by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167 ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328 Internet Sharing Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A Wi-Fi network created by Internet Sharing may lose security settings after a system update Description: After updating to a version of OS X Lion prior to 10.7.3, the Wi-Fi configuration used by Internet Sharing may revert to factory defaults, which disables the WEP password. This issue only affects systems with Internet Sharing enabled and sharing the connection to Wi-Fi. This issue is addressed by preserving the Wi-Fi configuration during a system update. CVE-ID CVE-2011-3452 : an anonymous researcher Libinfo Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in Libinfo's handling of hostname lookup requests. Libinfo could return incorrect results for a maliciously crafted hostname. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3441 : Erling Ellingsen of Facebook libresolv Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the parsing of DNS resource records, which may lead to heap memory corruption. CVE-ID CVE-2011-3453 : Ilja van Sprundel of IOActive libsecurity Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Some EV certificates may be trusted even if the corresponding root has been marked as untrusted Description: The certificate code trusted a root certificate to sign EV certificates if it was on the list of known EV issuers, even if the user had marked it as 'Never Trust' in Keychain. The root would not be trusted to sign non-EV certificates. CVE-ID CVE-2011-3422 : Alastair Houghton OpenGL Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in PHP 5.3.6 Description: PHP is updated to version 5.3.8 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2011-1148 CVE-2011-1657 CVE-2011-1938 CVE-2011-2202 CVE-2011-2483 CVE-2011-3182 CVE-2011-3189 CVE-2011-3267 CVE-2011-3268 PHP Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328 QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of MP4 encoded files. CVE-ID CVE-2011-3458 : Luigi Auriemma and pa_kt both working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of font tables embedded in QuickTime movie files. CVE-ID CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files. CVE-ID CVE-2011-3459 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 files. CVE-ID CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PNG files. CVE-ID CVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of FLC encoded movie files CVE-ID CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative SquirrelMail Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in SquirrelMail Description: SquirrelMail is updated to version 1.4.22 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. This issue does not affect OS X Lion systems. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/ CVE-ID CVE-2010-1637 CVE-2010-2813 CVE-2010-4554 CVE-2010-4555 CVE-2011-2023 Subversion Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Accessing a Subversion repository may lead to the disclosure of sensitive information Description: Subversion is updated to version 1.6.17 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Further information is available via the Subversion web site at http://subversion.tigris.org/ CVE-ID CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 Time Machine Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote attacker may access new backups created by the user's system Description: The user may designate a remote AFP volume or Time Capsule to be used for Time Machine backups. Time Machine did not verify that the same device was being used for subsequent backup operations. An attacker who is able to spoof the remote volume could gain access to new backups created by the user's system. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. CVE-ID CVE-2011-3462 : Michael Roitzsch of the Technische Universitat Dresden Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.32 Description: Tomcat is updated to version 6.0.33 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2011-2204 WebDAV Sharing Available for: OS X Lion Server v10.7 to v10.7.2 Impact: Local users may obtain system privileges Description: An issue existed in WebDAV Sharing's handling of user authentication. A user with a valid account on the server or one of its bound directories could cause the execution of arbitrary code with system privileges. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3463 : Gordon Davisson of Crywolf Webmail Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted e-mail message may lead to the disclosure of message content Description: A cross-site scripting vulnerability existed in the handling of mail messages. This issue is addressed by updating Roundcube Webmail to version 0.6. This issue does not affect systems prior to OS X Lion. Further information is available via the Roundcube site at http://trac.roundcube.net/ CVE-ID CVE-2011-2937 X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple OS X Lion v10.7.3 and Security Update 2012-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2021-001 or OS X v10.7.3. For OS X Lion v10.7.2 The download file is named: MacOSXUpd10.7.3.dmg Its SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c For OS X Lion v10.7 and v10.7.1 The download file is named: MacOSXUpdCombo10.7.3.dmg Its SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c For OS X Lion Server v10.7.2 The download file is named: MacOSXServerUpd10.7.3.dmg Its SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d For OS X Lion Server v10.7 and v10.7.1 The download file is named: MacOSXServerUpdCombo10.7.3.dmg Its SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b For Mac OS X v10.6.8 The download file is named: SecUpd2012-001Snow.dmg Its SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8 For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-001.dmg Its SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V P6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp RrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy 9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf MnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E pvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo= =c1eU -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/ ---------------------------------------------------------------------- TITLE: Apache Subversion mod_dav_svn Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA44681 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44681/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44681 RELEASE DATE: 2011-06-02 DISCUSS ADVISORY: http://secunia.com/advisories/44681/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44681/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44681 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Apache Subversion, which can be exploited by malicious people to cause a DoS (Denial of Service). PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor 2) The vendor credits Ivan Zhakov, VisualSVN. ORIGINAL ADVISORY: http://subversion.apache.org/security/CVE-2011-1752-advisory.txt http://subversion.apache.org/security/CVE-2011-1783-advisory.txt http://subversion.apache.org/security/CVE-2011-1921-advisory.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Subversion: Multiple vulnerabilities Date: September 23, 2013 Bugs: #350166, #356741, #369065, #463728, #463860, #472202, #482166 ID: 201309-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Subversion, allowing attackers to cause a Denial of Service, escalate privileges, or obtain sensitive information. Background ========== Subversion is a versioning system designed to be a replacement for CVS. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-vcs/subversion < 1.7.13 >= 1.7.13 Description =========== Multiple vulnerabilities have been discovered in Subversion. Please review the CVE identifiers referenced below for details. A local attacker could escalate his privileges to the user running svnserve. Workaround ========== There is no known workaround at this time. Resolution ========== All Subversion users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.7.13" References ========== [ 1 ] CVE-2010-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4539 [ 2 ] CVE-2010-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4644 [ 3 ] CVE-2011-0715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0715 [ 4 ] CVE-2011-1752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1752 [ 5 ] CVE-2011-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1783 [ 6 ] CVE-2011-1921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1921 [ 7 ] CVE-2013-1845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1845 [ 8 ] CVE-2013-1846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1846 [ 9 ] CVE-2013-1847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1847 [ 10 ] CVE-2013-1849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1849 [ 11 ] CVE-2013-1884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1884 [ 12 ] CVE-2013-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1968 [ 13 ] CVE-2013-2088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2088 [ 14 ] CVE-2013-2112 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2112 [ 15 ] CVE-2013-4131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4131 [ 16 ] CVE-2013-4277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4277 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: subversion security update Advisory ID: RHSA-2011:0862-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0862.html Issue date: 2011-06-08 CVE Names: CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 ===================================================================== 1. Summary: Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An infinite loop flaw was found in the way the mod_dav_svn module processed certain data sets. If the SVNPathAuthz directive was set to "short_circuit", and path-based access control for files and directories was enabled, a malicious, remote user could use this flaw to cause the httpd process serving the request to consume an excessive amount of system memory. (CVE-2011-1783) A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed requests submitted against the URL of a baselined resource. A malicious, remote user could use this flaw to cause the httpd process serving the request to crash. (CVE-2011-1752) An information disclosure flaw was found in the way the mod_dav_svn module processed certain URLs when path-based access control for files and directories was enabled. A malicious, remote user could possibly use this flaw to access certain files in a repository that would otherwise not be accessible to them. Note: This vulnerability cannot be triggered if the SVNPathAuthz directive is set to "short_circuit". Upstream acknowledges Joe Schaefer of the Apache Software Foundation as the original reporter of CVE-2011-1752; Ivan Zhakov of VisualSVN as the original reporter of CVE-2011-1783; and Kamesh Jayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921. All Subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, you must restart the httpd daemon, if you are using mod_dav_svn, for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 709111 - CVE-2011-1752 subversion (mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources 709112 - CVE-2011-1783 subversion (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control 709114 - CVE-2011-1921 subversion (mod_dav_svn): File contents disclosure of files configured to be unreadable by those users 6. Package List: RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/subversion-1.6.11-7.el5_6.4.src.rpm i386: mod_dav_svn-1.6.11-7.el5_6.4.i386.rpm subversion-1.6.11-7.el5_6.4.i386.rpm subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm subversion-devel-1.6.11-7.el5_6.4.i386.rpm subversion-javahl-1.6.11-7.el5_6.4.i386.rpm subversion-perl-1.6.11-7.el5_6.4.i386.rpm subversion-ruby-1.6.11-7.el5_6.4.i386.rpm x86_64: mod_dav_svn-1.6.11-7.el5_6.4.x86_64.rpm subversion-1.6.11-7.el5_6.4.i386.rpm subversion-1.6.11-7.el5_6.4.x86_64.rpm subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm subversion-debuginfo-1.6.11-7.el5_6.4.x86_64.rpm subversion-devel-1.6.11-7.el5_6.4.i386.rpm subversion-devel-1.6.11-7.el5_6.4.x86_64.rpm subversion-javahl-1.6.11-7.el5_6.4.x86_64.rpm subversion-perl-1.6.11-7.el5_6.4.x86_64.rpm subversion-ruby-1.6.11-7.el5_6.4.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/subversion-1.6.11-7.el5_6.4.src.rpm i386: mod_dav_svn-1.6.11-7.el5_6.4.i386.rpm subversion-1.6.11-7.el5_6.4.i386.rpm subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm subversion-devel-1.6.11-7.el5_6.4.i386.rpm subversion-javahl-1.6.11-7.el5_6.4.i386.rpm subversion-perl-1.6.11-7.el5_6.4.i386.rpm subversion-ruby-1.6.11-7.el5_6.4.i386.rpm ia64: mod_dav_svn-1.6.11-7.el5_6.4.ia64.rpm subversion-1.6.11-7.el5_6.4.ia64.rpm subversion-debuginfo-1.6.11-7.el5_6.4.ia64.rpm subversion-devel-1.6.11-7.el5_6.4.ia64.rpm subversion-javahl-1.6.11-7.el5_6.4.ia64.rpm subversion-perl-1.6.11-7.el5_6.4.ia64.rpm subversion-ruby-1.6.11-7.el5_6.4.ia64.rpm ppc: mod_dav_svn-1.6.11-7.el5_6.4.ppc.rpm subversion-1.6.11-7.el5_6.4.ppc.rpm subversion-1.6.11-7.el5_6.4.ppc64.rpm subversion-debuginfo-1.6.11-7.el5_6.4.ppc.rpm subversion-debuginfo-1.6.11-7.el5_6.4.ppc64.rpm subversion-devel-1.6.11-7.el5_6.4.ppc.rpm subversion-devel-1.6.11-7.el5_6.4.ppc64.rpm subversion-javahl-1.6.11-7.el5_6.4.ppc.rpm subversion-perl-1.6.11-7.el5_6.4.ppc.rpm subversion-ruby-1.6.11-7.el5_6.4.ppc.rpm s390x: mod_dav_svn-1.6.11-7.el5_6.4.s390x.rpm subversion-1.6.11-7.el5_6.4.s390.rpm subversion-1.6.11-7.el5_6.4.s390x.rpm subversion-debuginfo-1.6.11-7.el5_6.4.s390.rpm subversion-debuginfo-1.6.11-7.el5_6.4.s390x.rpm subversion-devel-1.6.11-7.el5_6.4.s390.rpm subversion-devel-1.6.11-7.el5_6.4.s390x.rpm subversion-javahl-1.6.11-7.el5_6.4.s390x.rpm subversion-perl-1.6.11-7.el5_6.4.s390x.rpm subversion-ruby-1.6.11-7.el5_6.4.s390x.rpm x86_64: mod_dav_svn-1.6.11-7.el5_6.4.x86_64.rpm subversion-1.6.11-7.el5_6.4.i386.rpm subversion-1.6.11-7.el5_6.4.x86_64.rpm subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm subversion-debuginfo-1.6.11-7.el5_6.4.x86_64.rpm subversion-devel-1.6.11-7.el5_6.4.i386.rpm subversion-devel-1.6.11-7.el5_6.4.x86_64.rpm subversion-javahl-1.6.11-7.el5_6.4.x86_64.rpm subversion-perl-1.6.11-7.el5_6.4.x86_64.rpm subversion-ruby-1.6.11-7.el5_6.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm i386: mod_dav_svn-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm noarch: subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm x86_64: mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm noarch: subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm x86_64: mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm i386: mod_dav_svn-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm ppc64: mod_dav_svn-1.6.11-2.el6_1.4.ppc64.rpm subversion-1.6.11-2.el6_1.4.ppc.rpm subversion-1.6.11-2.el6_1.4.ppc64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.ppc.rpm subversion-debuginfo-1.6.11-2.el6_1.4.ppc64.rpm s390x: mod_dav_svn-1.6.11-2.el6_1.4.s390x.rpm subversion-1.6.11-2.el6_1.4.s390.rpm subversion-1.6.11-2.el6_1.4.s390x.rpm subversion-debuginfo-1.6.11-2.el6_1.4.s390.rpm subversion-debuginfo-1.6.11-2.el6_1.4.s390x.rpm x86_64: mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm i386: subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm noarch: subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm ppc64: subversion-debuginfo-1.6.11-2.el6_1.4.ppc.rpm subversion-debuginfo-1.6.11-2.el6_1.4.ppc64.rpm subversion-devel-1.6.11-2.el6_1.4.ppc.rpm subversion-devel-1.6.11-2.el6_1.4.ppc64.rpm subversion-gnome-1.6.11-2.el6_1.4.ppc.rpm subversion-gnome-1.6.11-2.el6_1.4.ppc64.rpm subversion-javahl-1.6.11-2.el6_1.4.ppc.rpm subversion-javahl-1.6.11-2.el6_1.4.ppc64.rpm subversion-kde-1.6.11-2.el6_1.4.ppc.rpm subversion-kde-1.6.11-2.el6_1.4.ppc64.rpm subversion-perl-1.6.11-2.el6_1.4.ppc.rpm subversion-perl-1.6.11-2.el6_1.4.ppc64.rpm subversion-ruby-1.6.11-2.el6_1.4.ppc.rpm subversion-ruby-1.6.11-2.el6_1.4.ppc64.rpm s390x: subversion-debuginfo-1.6.11-2.el6_1.4.s390.rpm subversion-debuginfo-1.6.11-2.el6_1.4.s390x.rpm subversion-devel-1.6.11-2.el6_1.4.s390.rpm subversion-devel-1.6.11-2.el6_1.4.s390x.rpm subversion-gnome-1.6.11-2.el6_1.4.s390.rpm subversion-gnome-1.6.11-2.el6_1.4.s390x.rpm subversion-javahl-1.6.11-2.el6_1.4.s390.rpm subversion-javahl-1.6.11-2.el6_1.4.s390x.rpm subversion-kde-1.6.11-2.el6_1.4.s390.rpm subversion-kde-1.6.11-2.el6_1.4.s390x.rpm subversion-perl-1.6.11-2.el6_1.4.s390.rpm subversion-perl-1.6.11-2.el6_1.4.s390x.rpm subversion-ruby-1.6.11-2.el6_1.4.s390.rpm subversion-ruby-1.6.11-2.el6_1.4.s390x.rpm x86_64: subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm i386: mod_dav_svn-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm x86_64: mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm i386: subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm noarch: subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm x86_64: subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1752.html https://www.redhat.com/security/data/cve/CVE-2011-1783.html https://www.redhat.com/security/data/cve/CVE-2011-1921.html https://access.redhat.com/security/updates/classification/#moderate http://subversion.apache.org/security/CVE-2011-1783-advisory.txt http://subversion.apache.org/security/CVE-2011-1752-advisory.txt http://subversion.apache.org/security/CVE-2011-1921-advisory.txt 8. Contact: The Red Hat security contact is &lt;secalert@redhat.com&gt;. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFN75utXlSAg2UNWIIRAuXgAJ9fhhY1xxC7jRZbLGZA6ENr3dnTBQCgkdf0 J9nA8MJRlM/XVtyj3mbVErg= =jujC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1752 The mod_dav_svn Apache HTTPD server module can be crashed though when asked to deliver baselined WebDAV resources. For the oldstable distribution (lenny), this problem has been fixed in version 1.5.1dfsg1-7. For the stable distribution (squeeze), this problem has been fixed in version 1.6.12dfsg-6. For the unstable distribution (sid), this problem has been fixed in version 1.6.17dfsg-1. ========================================================================== Ubuntu Security Notice USN-1144-1 June 06, 2011 subversion vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: An attacker could send crafted input to the Subversion mod_dav_svn module for Apache and cause it to crash or gain access to restricted files. Software Description: - subversion: Advanced version control system Details: Joe Schaefer discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain baselined WebDAV resource requests. (CVE-2011-1752) Ivan Zhakov discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain requests. (CVE-2011-1921) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: libapache2-svn 1.6.12dfsg-4ubuntu2.1 Ubuntu 10.10: libapache2-svn 1.6.12dfsg-1ubuntu1.3 Ubuntu 10.04 LTS: libapache2-svn 1.6.6dfsg-2ubuntu1.3 After a standard system update you need to restart any applications that use Subversion, such as Apache when using mod_dav_svn, to make all the necessary changes

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

&lt;br&gt;Joe Schaefer of Apache Software Foundation, Ivan Zhakov of VisualSVN, and Kamesh Jayachandran of CollabNet.

SOURCES

LAST UPDATE DATE

2025-01-27T22:28:06.622000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE