drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in Subversion
Name: |
Denial of Service in Subversion |
|
ID: |
FEDORA-2014-3567 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 19 |
|
Datum: |
So, 16. März 2014, 12:41 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032 |
|
Applikationen: |
Subversion |
|
Originalnachricht |
Name : subversion Product : Fedora 19 Version : 1.7.16 Release : 1.fc19 URL : http://subversion.apache.org/ Summary : A Modern Concurrent Version Control System Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS.
------------------------------------------------------------------------------- - Update Information:
This update includes the latest stable release of Apache Subversion 1.7, fixing a security issue (CVE-2014-0032):
Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives an OPTIONS request against the server root and Subversion is configured to handle the server root and SVNListParentPath is on.
This can lead to a DoS. There are no known instances of this problem being exploited in the wild, but the details of how to exploit it have been disclosed on the Subversion development mailing list.
For more information, see:
https://subversion.apache.org/security/CVE-2014-0032-advisory.txt
A number of client-side bug fixes are included in this update:
* copy: fix some scenarios that broke the working copy
* diff: fix regressions due to fixes in 1.7.14
One server-side bug fixes is also included:
* reduce memory usage during checkout and export
------------------------------------------------------------------------------- - ChangeLog:
* Mon Mar 3 2014 Joe Orton <jorton@redhat.com> - 1.7.16-1 - update to 1.7.16 * Tue Nov 26 2013 Joe Orton <jorton@redhat.com> - 1.7.14-1 - update to 1.7.14 (#1034377) * Tue Sep 3 2013 Joe Orton <jorton@redhat.com> - 1.7.13-1 - update to 1.7.13 (#1003070) - move bash completions out of /etc (#922993) * Thu Jul 25 2013 Joe Orton <jorton@redhat.com> - 1.7.11-1 - update to 1.7.11 - use full relro in mod_dav_svn build (#973694) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1062042 - CVE-2014-0032 subversion: mod_dav_svn crash when handling certain requests with SVNListParentPath on https://bugzilla.redhat.com/show_bug.cgi?id=1062042 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update subversion' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|