User: Password:
|
|
Subscribe / Log in / New account

Pardus alert 2011-109 (subversion)

From:  Meltem Parmaksız <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-109] Subversion: Multible Vulnerabilities
Date:  Mon, 5 Sep 2011 14:52:46 +0300
Message-ID:  <201109051452.47049.meltem@pardus.org.tr>
Archive-link:  Article, Thread

------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-109 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-09-05 Type: Remote ------------------------------------------------------------------------ Summary ======= Multiple vulnerabilties have been fixed in subversion. Description =========== CVE-2011-1752 : The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. CVE-2011-1783 : The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. CVE-2011-1921 : The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation. Affected packages: Pardus 2009: subversion, all before 1.6.15-62-22 Pardus 2011: subversion, all before 1.6.17-68-p11 Resolution ========== There are update(s) for subversion. You can update them via Package Manager or with a single command from console: Pardus 2009: pisi up subversion Pardus 2011: pisi up subversion References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=18846 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds