Articles / SuSE: New subversion packag…

SuSE: New subversion packages fix remote denial of service

Subversion was updated to fix several security issues: The mod_dav_svn Apache HTTPD server module can be crashed though when asked to deliver baselined WebDAV resources. The mod_dav_svn Apache HTTPD server module can trigger a loop which consumes all available memory on the system. The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users. Remote attackers could crash an svn server by causing a NULL deref. Updated packages are available from download.opensuse.org.

  SUSE Security Update: subversion
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0691-1
Rating:             important
References:         #676949 #688968 #698205 
Cross-References:   CVE-2011-0715 CVE-2011-1752 CVE-2011-1783
                   CVE-2011-1921
Affected Products:
                   SUSE Linux Enterprise Software Development Kit 11 SP1
______________________________________________________________________________

  An update that fixes four vulnerabilities is now available.

Description:


  Subversion was updated to fix several security issues:

  * CVE-2011-1752: The mod_dav_svn Apache HTTPD server
  module can be crashed though when asked to deliver
  baselined WebDAV resources.
  * CVE-2011-1783: The mod_dav_svn Apache HTTPD server
  module can trigger a loop which consumes all available
  memory on the system.
  * CVE-2011-1921: The mod_dav_svn Apache HTTPD server
  module may leak to remote users the file contents of files
  configured to be unreadable by those users.
  * CVE-2011-0715: Remote attackers could crash an svn
  server by causing a NULL deref

  Security Issue references:

  * CVE-2011-1752
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752

  * CVE-2011-1783
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783

  * CVE-2011-1921
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1921

  * CVE-2011-0715
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0715



Patch Instructions:

  To install this SUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Software Development Kit 11 SP1:

     zypper in -t patch sdksp1-subversion-4691

  To bring your system up-to-date, use "zypper patch".


Package List:

  - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):

     subversion-1.5.7-0.10.1
     subversion-devel-1.5.7-0.10.1
     subversion-perl-1.5.7-0.10.1
     subversion-python-1.5.7-0.10.1
     subversion-server-1.5.7-0.10.1
     subversion-tools-1.5.7-0.10.1


References:

  http://support.novell.com/security/cve/CVE-2011-0715.html
  http://support.novell.com/security/cve/CVE-2011-1752.html
  http://support.novell.com/security/cve/CVE-2011-1783.html
  http://support.novell.com/security/cve/CVE-2011-1921.html
  https://bugzilla.novell.com/676949
  https://bugzilla.novell.com/688968
  https://bugzilla.novell.com/698205
  http://download.novell.com/patch/finder/?keywords=042ece1ed68574582bf41a46ffb91d01
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.