BugTraq
[ MDVSA-2014:049 ] subversion Mar 10 2014 02:39PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:049
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : subversion
Date : March 10, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in subversion:

The get_resource function in repos.c in the mod_dav_svn module
in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when
SVNListParentPath is enabled, allows remote attackers to cause a
denial of service (crash) via vectors related to the server root
and request methods other than GET, as demonstrated by the svn ls
http://svn.example.com command (CVE-2014-0032).

This advisory provides the latest version of subversion (1.7.16)
which is not vulnerable to this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
http://subversion.apache.org/security/CVE-2014-0032-advisory.txt
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
25a0792c0644c3469694b1aed87920c4 mes5/i586/apache-mod_dav_svn-1.7.16-0.1mdvmes5.2.i586.rpm
5c4a0db4d471323f53b1062f495cc4d7 mes5/i586/libsvn0-1.7.16-0.1mdvmes5.2.i586.rpm
cf1185d10113c2ba5bfa5be6bc2c0c47 mes5/i586/libsvnjavahl1-1.7.16-0.1mdvmes5.2.i586.rpm
e3cc87ab3d41b46bf520bb292c12526f mes5/i586/perl-SVN-1.7.16-0.1mdvmes5.2.i586.rpm
27b585a2d79689d73233463841f2bc80 mes5/i586/perl-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm
0039001ca9d125bfb557cffcc2f5b8c5 mes5/i586/python-svn-1.7.16-0.1mdvmes5.2.i586.rpm
4776c4ae660efbbc357c3c35fc9bd01f mes5/i586/python-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm
6708ceca95968af6a53b6181278f8252 mes5/i586/ruby-svn-1.7.16-0.1mdvmes5.2.i586.rpm
261064f1e40912db8c0a863e0b907a6f mes5/i586/ruby-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm
a115aab61321b6fa8180c0debfc2ebe2 mes5/i586/subversion-1.7.16-0.1mdvmes5.2.i586.rpm
942c99bfabaf203e5e10ac3ef394e63b mes5/i586/subversion-devel-1.7.16-0.1mdvmes5.2.i586.rpm
32096c5120feb2ea6ece0675ef24412a mes5/i586/subversion-doc-1.7.16-0.1mdvmes5.2.i586.rpm
35943db397129b7b6ab1ec48014356e8 mes5/i586/subversion-server-1.7.16-0.1mdvmes5.2.i586.rpm
377718f8801578a0a02afd21daa9d96d mes5/i586/subversion-tools-1.7.16-0.1mdvmes5.2.i586.rpm
be6f8cc3ef11f7219f6a07824795ed41 mes5/i586/svn-javahl-1.7.16-0.1mdvmes5.2.i586.rpm
f9511b3a764f7f5c0297b5c6478a05d5 mes5/SRPMS/subversion-1.7.16-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
fe630b13878ebd2eef2301836d42a833 mes5/x86_64/apache-mod_dav_svn-1.7.16-0.1mdvmes5.2.x86_64.rpm
34ea50c0238c1a71a0fb518ae81441a6 mes5/x86_64/lib64svn0-1.7.16-0.1mdvmes5.2.x86_64.rpm
a18979e9ea94488d2862e725b91ac995 mes5/x86_64/lib64svnjavahl1-1.7.16-0.1mdvmes5.2.x86_64.rpm
d186d26bf20b5b9cd6b6727f794b0747 mes5/x86_64/perl-SVN-1.7.16-0.1mdvmes5.2.x86_64.rpm
ba6923c0cb1f53ac8c96b682df7e5711 mes5/x86_64/perl-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm
18ef94dc37d3f7c4b161fdb71cb1900e mes5/x86_64/python-svn-1.7.16-0.1mdvmes5.2.x86_64.rpm
e0615817d08e9bdc3151d8de7b6f88da mes5/x86_64/python-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm
8f3f546f4b57e2e6fe2d951e02eafde1 mes5/x86_64/ruby-svn-1.7.16-0.1mdvmes5.2.x86_64.rpm
0dd7b95e42ebe58bc5a3a368142f7de6 mes5/x86_64/ruby-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm
da5acbb29a65970a911fdfd44e39e9d6 mes5/x86_64/subversion-1.7.16-0.1mdvmes5.2.x86_64.rpm
e4ccfd66a649b933ecc7bfd1fdba686d mes5/x86_64/subversion-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm
074511092d7547f4c01f7820c4a00cab mes5/x86_64/subversion-doc-1.7.16-0.1mdvmes5.2.x86_64.rpm
2cada523fcd8673de0fb2f99de60dad6 mes5/x86_64/subversion-server-1.7.16-0.1mdvmes5.2.x86_64.rpm
0f435f9026b9460c5be686a4d8218350 mes5/x86_64/subversion-tools-1.7.16-0.1mdvmes5.2.x86_64.rpm
933d8dfd42cdd71c6d43b7bec209a5e7 mes5/x86_64/svn-javahl-1.7.16-0.1mdvmes5.2.x86_64.rpm
f9511b3a764f7f5c0297b5c6478a05d5 mes5/SRPMS/subversion-1.7.16-0.1mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
5095fc2f7b63d2374ba366051a873b58 mbs1/x86_64/apache-mod_dav_svn-1.7.16-0.1.mbs1.x86_64.rpm
633a46f34b6da14ddcab055dcc7b43c6 mbs1/x86_64/lib64svn0-1.7.16-0.1.mbs1.x86_64.rpm
1ca8f4e33ce81302d36912ed217f80b3 mbs1/x86_64/lib64svn-gnome-keyring0-1.7.16-0.1.mbs1.x86_64.rpm
f70f985409153583212517dbada5ab0b mbs1/x86_64/lib64svnjavahl1-1.7.16-0.1.mbs1.x86_64.rpm
ed488e73c53881ada31cba91eab5b086 mbs1/x86_64/perl-SVN-1.7.16-0.1.mbs1.x86_64.rpm
ed510f571e41eb525e342ec597d1cfbe mbs1/x86_64/perl-svn-devel-1.7.16-0.1.mbs1.x86_64.rpm
6d4359f416b2a54ea9bb54275bc9cff2 mbs1/x86_64/python-svn-1.7.16-0.1.mbs1.x86_64.rpm
406091c32bc4423da6afccf201e27ffb mbs1/x86_64/python-svn-devel-1.7.16-0.1.mbs1.x86_64.rpm
6ccff4806cb52a1694387c97c9b9e016 mbs1/x86_64/ruby-svn-1.7.16-0.1.mbs1.x86_64.rpm
e5d7242d92ca6ea497a308f7b34fe207 mbs1/x86_64/ruby-svn-devel-1.7.16-0.1.mbs1.x86_64.rpm
edb6502354863c56f29e7e65d75a21df mbs1/x86_64/subversion-1.7.16-0.1.mbs1.x86_64.rpm
71f817eda62ba04e639137541f85a7a1 mbs1/x86_64/subversion-devel-1.7.16-0.1.mbs1.x86_64.rpm
1daf40a5cb7aff387e9cd52eaf5cec1a mbs1/x86_64/subversion-doc-1.7.16-0.1.mbs1.x86_64.rpm
da9f368e0f57688ad2727cf8f38650bb mbs1/x86_64/subversion-gnome-keyring-devel-1.7.16-0.1.mbs1.x86_64.rpm
2e96f1e645fe8ee6b398161e1cf1bd8a mbs1/x86_64/subversion-server-1.7.16-0.1.mbs1.x86_64.rpm
aef744152ee3c6f2298dca3ce64a3365 mbs1/x86_64/subversion-tools-1.7.16-0.1.mbs1.x86_64.rpm
9e3a148929cbbcdaeffdc74f5082abf8 mbs1/x86_64/svn-javahl-1.7.16-0.1.mbs1.x86_64.rpm
b480b905c3a423649991f29d8853a006 mbs1/SRPMS/subversion-1.7.16-0.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTHaKgmqjQ0CJFipgRAnvPAJ9MZ1sKSMshIi2uRtzVu63Jgpa1vACgosTF
HKgtP0IPcxhUN9djE9HZwsk=
=EunO
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus