Login
Newsletter
Werbung

Sicherheit: Denial of Service in Subversion
Aktuelle Meldungen Distributionen
Name: Denial of Service in Subversion
ID: FEDORA-2014-3567
Distribution: Fedora
Plattformen: Fedora 19
Datum: So, 16. März 2014, 12:41
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
Applikationen: Subversion

Originalnachricht

Name        : subversion
Product : Fedora 19
Version : 1.7.16
Release : 1.fc19
URL : http://subversion.apache.org/
Summary : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.

-------------------------------------------------------------------------------
-
Update Information:

This update includes the latest stable release of Apache Subversion 1.7, fixing
a security issue (CVE-2014-0032):

Subversion's mod_dav_svn Apache HTTPD server module will crash when it
receives an OPTIONS request against the server root and Subversion is configured to handle the server root and SVNListParentPath is on.

This can lead to a DoS. There are no known instances of this problem being
exploited in the wild, but the details of how to exploit it have been disclosed on the Subversion development mailing list.

For more information, see:

https://subversion.apache.org/security/CVE-2014-0032-advisory.txt

A number of client-side bug fixes are included in this update:

* copy: fix some scenarios that broke the working copy
* diff: fix regressions due to fixes in 1.7.14

One server-side bug fixes is also included:

* reduce memory usage during checkout and export

-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Mar 3 2014 Joe Orton <jorton@redhat.com> - 1.7.16-1
- update to 1.7.16
* Tue Nov 26 2013 Joe Orton <jorton@redhat.com> - 1.7.14-1
- update to 1.7.14 (#1034377)
* Tue Sep 3 2013 Joe Orton <jorton@redhat.com> - 1.7.13-1
- update to 1.7.13 (#1003070)
- move bash completions out of /etc (#922993)
* Thu Jul 25 2013 Joe Orton <jorton@redhat.com> - 1.7.11-1
- update to 1.7.11
- use full relro in mod_dav_svn build (#973694)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1062042 - CVE-2014-0032 subversion: mod_dav_svn crash when
handling certain requests with SVNListParentPath on
https://bugzilla.redhat.com/show_bug.cgi?id=1062042
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung