Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in Subversion
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Subversion
ID: MDVSA-2015:005
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: Mo, 5. Januar 2015, 17:01
Referenzen: http://advisories.mageia.org/MGASA-2014-0545.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108
Applikationen: Subversion

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1420464609-9206-4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:005
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : subversion
 Date    : January 5, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated subversion packages fix security vulnerabilities:
 
 A NULL pointer dereference flaw was found in the way mod_dav_svn
 handled REPORT requests. A remote, unauthenticated attacker could
 use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580).
 
 A NULL pointer dereference flaw was found in the way mod_dav_svn
 handled URIs for virtual transaction names. A remote, unauthenticated
 attacker could send a request for a virtual transaction name that
 does not exist, causing mod_dav_svn to crash (CVE-2014-8108).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108
 http://advisories.mageia.org/MGASA-2014-0545.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 1f354ed65a056a0b70d9d2be13b02979 
 mbs1/x86_64/apache-mod_dav_svn-1.7.19-1.mbs1.x86_64.rpm
 3ae0fad77ef662db9cc15593e6b3e16c 
 mbs1/x86_64/lib64svn0-1.7.19-1.mbs1.x86_64.rpm
 086f52b7c9c2613a9dfdc2edd6456b87 
 mbs1/x86_64/lib64svn-gnome-keyring0-1.7.19-1.mbs1.x86_64.rpm
 08502b3288cb52bbdcad5e1de62d7da1 
 mbs1/x86_64/lib64svnjavahl1-1.7.19-1.mbs1.x86_64.rpm
 1b9e41016558998ccbf885a9d903efb9 
 mbs1/x86_64/perl-SVN-1.7.19-1.mbs1.x86_64.rpm
 24e7f603b2d9fa85e74688410a653cd9 
 mbs1/x86_64/perl-svn-devel-1.7.19-1.mbs1.x86_64.rpm
 ab734f1e83a67fc462ad73c1dd997782 
 mbs1/x86_64/python-svn-1.7.19-1.mbs1.x86_64.rpm
 1fa42a41ed0d14e925e22ebaae5e4588 
 mbs1/x86_64/python-svn-devel-1.7.19-1.mbs1.x86_64.rpm
 3a9e6f623b9d56c101105bebb94482f0 
 mbs1/x86_64/ruby-svn-1.7.19-1.mbs1.x86_64.rpm
 3226dac8aba329eb3ce55da46f876ba2 
 mbs1/x86_64/ruby-svn-devel-1.7.19-1.mbs1.x86_64.rpm
 4bedf492fa0684cdb22594e26994511f 
 mbs1/x86_64/subversion-1.7.19-1.mbs1.x86_64.rpm
 93e03dc4a459ce77bc7f9a597ecdd0e3 
 mbs1/x86_64/subversion-devel-1.7.19-1.mbs1.x86_64.rpm
 2f9467b156e9a560d06873eb0add5859 
 mbs1/x86_64/subversion-doc-1.7.19-1.mbs1.x86_64.rpm
 cb884252dd565d2df29645d7ab784728 
 mbs1/x86_64/subversion-gnome-keyring-devel-1.7.19-1.mbs1.x86_64.rpm
 d23255839ec971356cdcf831ee592374 
 mbs1/x86_64/subversion-server-1.7.19-1.mbs1.x86_64.rpm
 574b474f2eb518e0326f8975c354f19a 
 mbs1/x86_64/subversion-tools-1.7.19-1.mbs1.x86_64.rpm
 a4002b39cd679324b1b3274db3c41511 
 mbs1/x86_64/svn-javahl-1.7.19-1.mbs1.x86_64.rpm 
 64428cd0f639f7ec9dd033c04823f083  mbs1/SRPMS/subversion-1.7.19-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUqoNCmqjQ0CJFipgRAqwFAKCUALR1yu7OcAY6tP4LrYCdhQMJDACg7FG5
zlOOLTc8tjEXNuj5PnqflP0=
=huIz
-----END PGP SIGNATURE-----


------------=_1420464609-9206-4
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://store.mandriva.com
_______________________________________________________


------------=_1420464609-9206-4--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung