subversion-1.6.11-7.AXS3.4

エラータID: AXSA:2011-225:03

Release date: 
Monday, July 11, 2011 - 15:00
Subject: 
subversion-1.6.11-7.AXS3.4
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS.
Security issues fixed with this release:
CVE-2011-1752
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
CVE-2011-1783
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
CVE-2011-1921
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.

Solution: 

Update packages.

CVEs: 
CVE-2011-1752
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
CVE-2011-1783
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
CVE-2011-1921
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.




Additional Info: 

N/A

Download: 

Asianux Server 3 for x86
  1. mod_dav_svn-1.6.11-7.AXS3.4.i386.rpm
    MD5: e2db519ef5c7996d470f7aa0a17a6622
    SHA-256: cc715f191620aa81c9e974c6d3259fca8f5d0e20830f1af538ba834721dfd75f
    Size: 78.53 kB
  2. subversion-1.6.11-7.AXS3.4.i386.rpm
    MD5: e621961ab38845a00b8c66d3a1a21dd9
    SHA-256: b924d777b987d1c6f48963be3ea50cfd6a53c3c20a13008428bda541e29687f7
    Size: 3.14 MB
  3. subversion-devel-1.6.11-7.AXS3.4.i386.rpm
    MD5: eda3c4db67f5da3f19b267c6d3d3b139
    SHA-256: 5833858fed5c63c34b9af60d67c93637caa7dda04ba0f84e13899ba67f1884b4
    Size: 268.06 kB
  4. subversion-javahl-1.6.11-7.AXS3.4.i386.rpm
    MD5: 9930b29683bb18084285a339653e47fa
    SHA-256: 22dbee4ead89606b413f992746dfc9031424b9f08a968196308e9c74f73ce171
    Size: 176.63 kB
  5. subversion-perl-1.6.11-7.AXS3.4.i386.rpm
    MD5: f1fcacca3d27128498d3d69ed965e564
    SHA-256: 19085408830dc96363b03814d1bb2a565090005a9b739cff1391a7cfd77ffb18
    Size: 1.04 MB
  6. subversion-ruby-1.6.11-7.AXS3.4.i386.rpm
    MD5: b3b960e3188547a029a6f76e4c7671b6
    SHA-256: b2e917a1eccebbae9482ecd23c4a6d9b386e20a036118ba6dd3bd61268e42b6e
    Size: 461.09 kB

Asianux Server 3 for x86_64
  1. mod_dav_svn-1.6.11-7.AXS3.4.x86_64.rpm
    MD5: 0183386942de270937eb1c9c3b60e91b
    SHA-256: 4000ddb575a0028df58b23a95788131eff08705673c8d500c407a4f6ec0c40c3
    Size: 78.91 kB
  2. subversion-1.6.11-7.AXS3.4.x86_64.rpm
    MD5: 7182d7107c357cdea356f214b6cea649
    SHA-256: e5a58bf95b705ac3d1159932d6904551c81f600afd281cc6252f3b29117fff48
    Size: 3.23 MB
  3. subversion-devel-1.6.11-7.AXS3.4.x86_64.rpm
    MD5: e5f60983ab23de170b0e4d9ef6f495bd
    SHA-256: 5e2baad4cd34b4b7d2f65f41aa4195eeb0cc313d19290db48d3936c546b769b5
    Size: 268.18 kB
  4. subversion-javahl-1.6.11-7.AXS3.4.x86_64.rpm
    MD5: ff6fe2e2bcf340a0e2760a729e8c571f
    SHA-256: afd3938e358e37dd36e5c41e8266c6e42d0bb14adb4b269a5bc7fa24a93c6010
    Size: 179.53 kB
  5. subversion-perl-1.6.11-7.AXS3.4.x86_64.rpm
    MD5: fc9db536b4ce49184d140f5af20637f9
    SHA-256: 3f9aa42b36a0c84d5afc792c62ef11e4b2f5135f6e2c2f5dce831cabcd0cd93a
    Size: 1.05 MB
  6. subversion-ruby-1.6.11-7.AXS3.4.x86_64.rpm
    MD5: 18bb9fc0ba69da061871724252efff64
    SHA-256: 2b55828fc12f1237c71444625304965e98c74f5399c4f56fd8bc3c6e4833f93c
    Size: 516.56 kB