BugTraq
[ MDVSA-2013:173 ] subversion Jun 13 2013 05:58PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:173
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : subversion
Date : June 13, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in subversion:

If a filename which contains a newline character (ASCII 0x0a)
is committed to a repository using the FSFS format, the resulting
revision is corrupt. This can lead to disruption for users of the
repository (CVE-2013-1968).

Subversion's svnserve server process may exit when an incoming TCP
connection is closed early in the connection process. This can lead
to disruption for users of the server (CVE-2013-2112).

This advisory provides the latest versions of subversion
(1.6.23/1.7.10) which is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112
http://subversion.apache.org/security/CVE-2013-1968-advisory.txt
http://subversion.apache.org/security/CVE-2013-2112-advisory.txt
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
131a0451a20a116151def1bb4240b102 mes5/i586/apache-mod_dav_svn-1.6.23-0.1mdvmes5.2.i586.rpm
eee20686ffae03646f8c849e33f44360 mes5/i586/apache-mod_dontdothat-1.6.23-0.1mdvmes5.2.i586.rpm
8440bcd1e593f325728ea6bd0a21f80d mes5/i586/libsvn0-1.6.23-0.1mdvmes5.2.i586.rpm
607748fe61df7f35d52bc82ec03c9a67 mes5/i586/libsvnjavahl1-1.6.23-0.1mdvmes5.2.i586.rpm
e6913bb295f8810d632dc699888a7e6a mes5/i586/perl-SVN-1.6.23-0.1mdvmes5.2.i586.rpm
ee552c9ebb20a8384a25dae7bbbb0816 mes5/i586/python-svn-1.6.23-0.1mdvmes5.2.i586.rpm
05961e48fc20f5303e9d49f4d6f715e5 mes5/i586/ruby-svn-1.6.23-0.1mdvmes5.2.i586.rpm
54dcdd8dcb2f953c511abeb4a19173f6 mes5/i586/subversion-1.6.23-0.1mdvmes5.2.i586.rpm
bfac1c0ea2758ce3e2b21ebfba53846e mes5/i586/subversion-devel-1.6.23-0.1mdvmes5.2.i586.rpm
f8568714332798f5488eb3da460e6dd9 mes5/i586/subversion-doc-1.6.23-0.1mdvmes5.2.i586.rpm
8ea846e80917df50536fece8bd792cea mes5/i586/subversion-server-1.6.23-0.1mdvmes5.2.i586.rpm
5f934c5019a060f3a55529e5dafd331e mes5/i586/subversion-tools-1.6.23-0.1mdvmes5.2.i586.rpm
0c6f70281c91a449cc2a84c1d555f72f mes5/i586/svn-javahl-1.6.23-0.1mdvmes5.2.i586.rpm
555d17a58efeced4a57efb33eadc39be mes5/SRPMS/subversion-1.6.23-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
50c81e373fe650024014f4308546ac17 mes5/x86_64/apache-mod_dav_svn-1.6.23-0.1mdvmes5.2.x86_64.rpm
729b85dff018808ed9ebd5a09cb46dab mes5/x86_64/apache-mod_dontdothat-1.6.23-0.1mdvmes5.2.x86_64.rpm
618a89de1ff48514b7d153b4375d5a0e mes5/x86_64/lib64svn0-1.6.23-0.1mdvmes5.2.x86_64.rpm
6755bee85225a0c029fd505e31f99e6f mes5/x86_64/lib64svnjavahl1-1.6.23-0.1mdvmes5.2.x86_64.rpm
4ded75c4e650788b18a937dac27548e1 mes5/x86_64/perl-SVN-1.6.23-0.1mdvmes5.2.x86_64.rpm
2c639f9f42c15ac323d46c2c26ceb5bd mes5/x86_64/python-svn-1.6.23-0.1mdvmes5.2.x86_64.rpm
beb83feaf1a7a6ca8120aa86279329ab mes5/x86_64/ruby-svn-1.6.23-0.1mdvmes5.2.x86_64.rpm
79e5c84f4f9200b7b708f87969e4e913 mes5/x86_64/subversion-1.6.23-0.1mdvmes5.2.x86_64.rpm
b070d1842ddae3c4b227d9396c3d48f2 mes5/x86_64/subversion-devel-1.6.23-0.1mdvmes5.2.x86_64.rpm
13ea5d25cce79b78555127c1639f0248 mes5/x86_64/subversion-doc-1.6.23-0.1mdvmes5.2.x86_64.rpm
9c08924dca5a913f562afc0b17d6e7b5 mes5/x86_64/subversion-server-1.6.23-0.1mdvmes5.2.x86_64.rpm
e6df2ebf5391278cb05e633d118d7a46 mes5/x86_64/subversion-tools-1.6.23-0.1mdvmes5.2.x86_64.rpm
352235f62cb3a585b397b67f8f8687db mes5/x86_64/svn-javahl-1.6.23-0.1mdvmes5.2.x86_64.rpm
555d17a58efeced4a57efb33eadc39be mes5/SRPMS/subversion-1.6.23-0.1mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
96ce805f5926a86cfb9928ee4878adbc mbs1/x86_64/apache-mod_dav_svn-1.7.10-0.1.mbs1.x86_64.rpm
e01f199c914dd3d686c0875d24456945 mbs1/x86_64/lib64svn0-1.7.10-0.1.mbs1.x86_64.rpm
6cf641e169e452b6d650f3c40858fe5c mbs1/x86_64/lib64svn-gnome-keyring0-1.7.10-0.1.mbs1.x86_64.rpm
772edd952aafd1965ebb4409c9d51cf6 mbs1/x86_64/lib64svnjavahl1-1.7.10-0.1.mbs1.x86_64.rpm
fdad77e3c7d89a1935cb90dd08c74d72 mbs1/x86_64/perl-SVN-1.7.10-0.1.mbs1.x86_64.rpm
5b4eafd8291c21f1b12f059566b846db mbs1/x86_64/perl-svn-devel-1.7.10-0.1.mbs1.x86_64.rpm
50f81c1a757ca4b1d2aeccce3eb2dca8 mbs1/x86_64/python-svn-1.7.10-0.1.mbs1.x86_64.rpm
200676fbcb36e143ec01a3f6fccb3513 mbs1/x86_64/python-svn-devel-1.7.10-0.1.mbs1.x86_64.rpm
15004b7db070ded3caff2695df6d666b mbs1/x86_64/ruby-svn-1.7.10-0.1.mbs1.x86_64.rpm
dbd1df365ccbdd54f257bd507d662dc9 mbs1/x86_64/ruby-svn-devel-1.7.10-0.1.mbs1.x86_64.rpm
4218a85705e07010c6c5225c031264a0 mbs1/x86_64/subversion-1.7.10-0.1.mbs1.x86_64.rpm
94bbd1b84ec6cd0919c347e04167a1be mbs1/x86_64/subversion-devel-1.7.10-0.1.mbs1.x86_64.rpm
1f398aca282bf1c5b38a31a6efdead37 mbs1/x86_64/subversion-doc-1.7.10-0.1.mbs1.x86_64.rpm
53a64a1f5f948d9e4be6d39a1c0ec05f mbs1/x86_64/subversion-gnome-keyring-devel-1.7.10-0.1.mbs1.x86_64.rpm
b6cb7b09aa94fef2b6ff04a0dad3aa56 mbs1/x86_64/subversion-server-1.7.10-0.1.mbs1.x86_64.rpm
27b5bb16fe21cd0585758c4b78751dc0 mbs1/x86_64/subversion-tools-1.7.10-0.1.mbs1.x86_64.rpm
f6b44cd8103689e5456148d20671e630 mbs1/x86_64/svn-javahl-1.7.10-0.1.mbs1.x86_64.rpm
f243a17e3e149d4c961945bbeb4d880b mbs1/SRPMS/subversion-1.7.10-0.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRudxBmqjQ0CJFipgRAhIaAKCN6Uww0VzElJ1TquZYXirDMBz9jwCeOHuV
ytl2RR3dbAHeFdfgq0wq5S0=
=pR4b
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus