LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

SUSE alert SUSE-SU-2011:0692-1 (subversion)



From:
    	      opensuse-security@opensuse.org 


To:
    	      opensuse-security-announce@opensuse.org 


Subject:
    	      [security-announce] SUSE-SU-2011:0692-1: important: subversion 


Date:
    	      Fri, 24 Jun 2011 21:08:14 +0200 (CEST)


Message-ID:
    	      <20110624190814.4D15832359@maintenance.suse.de>


Archive-link:
    	      Article, Thread
              


   SUSE Security Update: subversion
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0692-1
Rating:             important
References:         #676949 #698205 
Cross-References:   CVE-2011-0715 CVE-2011-1752 CVE-2011-1783
                   
Affected Products:
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
                    SLE SDK 10 SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:


   Subversion was updated to fix several security issues:

   * CVE-2011-1752: The mod_dav_svn Apache HTTPD server
   module can be crashed though when asked to deliver
   baselined WebDAV resources.
   * CVE-2011-1783: The mod_dav_svn Apache HTTPD server
   module can trigger a loop which consumes all available
   memory on the system.
   * CVE-2011-0715: Remote attackers could crash an svn
   server by causing a NULL deref

   Security Issue references:

   * CVE-2011-1752
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752
   >
   * CVE-2011-1783
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783
   >
   * CVE-2011-0715
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0715
   >



Package List:

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      subversion-1.3.1-1.18.1
      subversion-devel-1.3.1-1.18.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      cvs2svn-1.3.0-30.18.1
      subversion-1.3.1-1.18.1
      subversion-devel-1.3.1-1.18.1
      subversion-python-1.3.1-1.18.1
      subversion-server-1.3.1-1.18.1
      subversion-tools-1.3.1-1.18.1
      viewcvs-1.0.5-0.18.1

   - SLE SDK 10 SP3 (i586 ia64 ppc s390x x86_64):

      cvs2svn-1.3.0-30.18.1
      subversion-1.3.1-1.18.1
      subversion-devel-1.3.1-1.18.1
      subversion-python-1.3.1-1.18.1
      subversion-server-1.3.1-1.18.1
      subversion-tools-1.3.1-1.18.1
      viewcvs-1.0.5-0.18.1


References:

   http://support.novell.com/security/cve/CVE-2011-0715.html
   http://support.novell.com/security/cve/CVE-2011-1752.html
   http://support.novell.com/security/cve/CVE-2011-1783.html
   https://bugzilla.novell.com/676949
   https://bugzilla.novell.com/698205
   http://download.novell.com/patch/finder/?keywords=39703f9...
   http://download.novell.com/patch/finder/?keywords=dc2a8d5...

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds