| |||||||||||||||||||
Pardus alert 2011-32 (subversion mod_dav_svn)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-32 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-02-12 Severity: 3 Type: Remote ------------------------------------------------------------------------ Summary ======= A vulnerability was found in subversion, which can be exploited by malicious people to cause denial of service Description =========== CVE-2010-4539: The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. CVE-2010-4644: Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. Affected packages: Pardus 2009: subversion, all before 1.6.15-60-20 mod_dav_svn, all before 1.6.15-60-20 Resolution ========== There are update(s) for subversion, mod_dav_svn. You can update them via Package Manager or with a single command from console: pisi up subversion mod_dav_svn References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=15976 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||