LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

SUSE alert SUSE-SU-2011:0691-1 (subversion)



From:
    	      opensuse-security@opensuse.org 


To:
    	      opensuse-security-announce@opensuse.org 


Subject:
    	      [security-announce] SUSE-SU-2011:0691-1: important: subversion 


Date:
    	      Fri, 24 Jun 2011 20:08:19 +0200 (CEST)


Message-ID:
    	      <20110624180820.01C8F32359@maintenance.suse.de>


Archive-link:
    	      Article, Thread
              


   SUSE Security Update: subversion
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0691-1
Rating:             important
References:         #676949 #688968 #698205 
Cross-References:   CVE-2011-0715 CVE-2011-1752 CVE-2011-1783
                    CVE-2011-1921
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP1
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:


   Subversion was updated to fix several security issues:

   * CVE-2011-1752: The mod_dav_svn Apache HTTPD server
   module can be crashed though when asked to deliver
   baselined WebDAV resources.
   * CVE-2011-1783: The mod_dav_svn Apache HTTPD server
   module can trigger a loop which consumes all available
   memory on the system.
   * CVE-2011-1921: The mod_dav_svn Apache HTTPD server
   module may leak to remote users the file contents of files
   configured to be unreadable by those users.
   * CVE-2011-0715: Remote attackers could crash an svn
   server by causing a NULL deref

   Security Issue references:

   * CVE-2011-1752
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752
   >
   * CVE-2011-1783
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783
   >
   * CVE-2011-1921
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1921
   >
   * CVE-2011-0715
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0715
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-subversion-4691

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      subversion-1.5.7-0.10.1
      subversion-devel-1.5.7-0.10.1
      subversion-perl-1.5.7-0.10.1
      subversion-python-1.5.7-0.10.1
      subversion-server-1.5.7-0.10.1
      subversion-tools-1.5.7-0.10.1


References:

   http://support.novell.com/security/cve/CVE-2011-0715.html
   http://support.novell.com/security/cve/CVE-2011-1752.html
   http://support.novell.com/security/cve/CVE-2011-1783.html
   http://support.novell.com/security/cve/CVE-2011-1921.html
   https://bugzilla.novell.com/676949
   https://bugzilla.novell.com/688968
   https://bugzilla.novell.com/698205
   http://download.novell.com/patch/finder/?keywords=042ece1...

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds