subversion-1.6.11-11.AXS3
エラータID: AXSA:2013-398:01
Release date:
Thursday, April 25, 2013 - 10:25
Subject:
subversion-1.6.11-11.AXS3
Affected Channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS.
Security issues fixed with this release:
• CVE-2013-1845
• CVE-2013-1846
• CVE-2013-1847
• CVE-2013-1849
No information available at the time of writing, please refer to the CVE links below.
Solution:
Update packages.
CVEs:
CVE-2013-1845
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
CVE-2013-1847
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
CVE-2013-1849
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
Additional Info:
N/A
Download:
SRPMS
- subversion-1.6.11-11.AXS3.src.rpm
MD5: e0fd53eb3106e3d9c0a5e1fe234daca6
SHA-256: 708a577a1262e2dd37b0c9aa4e2c9002a1c498ac0ef8c83efa34875223eba926
Size: 11.89 MB
Asianux Server 3 for x86
- mod_dav_svn-1.6.11-11.AXS3.i386.rpm
MD5: 431ceb22ccf7fdc079233c2a80ba76bc
SHA-256: 7528827b267a87983fc33ab215accb877b760b9a48229edff2e68a95250b0f5d
Size: 78.67 kB - subversion-1.6.11-11.AXS3.i386.rpm
MD5: f9e41fce96dc621a874e8f94d3cf40c6
SHA-256: 69acf8b4c7b74f884b3aa6d6e4e69f8ff2db1957a4c3eb5e06e982e1b5c480ca
Size: 3.14 MB - subversion-devel-1.6.11-11.AXS3.i386.rpm
MD5: 60069086f4263457be192f0f9d2ef75c
SHA-256: 89161717d7483005f3dfbda68db7cf3a7a911cf2a84e94040919634626a0a295
Size: 268.26 kB - subversion-javahl-1.6.11-11.AXS3.i386.rpm
MD5: adb99eed01ba5641b5cb4f345606a7be
SHA-256: 37b6414f254ba767146cbe759252465c3bcf472041fabc15cdd603ad48010bf3
Size: 176.78 kB - subversion-perl-1.6.11-11.AXS3.i386.rpm
MD5: 5e48f3e26f158ceff7eee2376877b179
SHA-256: 35aef4bb95f0909db39f75187c2894727b8e2993b5043f5ae4b972399c921a6f
Size: 1.05 MB - subversion-ruby-1.6.11-11.AXS3.i386.rpm
MD5: 6a8a829044b674a4b4e2a41986a98030
SHA-256: aa410766920668b3ca7a1ae9623b45b0e736d2db77e72b83ade4a33742bc505e
Size: 461.27 kB
Asianux Server 3 for x86_64
- mod_dav_svn-1.6.11-11.AXS3.x86_64.rpm
MD5: f782075707cf784874dde59a76dbf863
SHA-256: 0e8cb5528346b3f8d8bd2107b4b1ffb2a236b1252aa81bd8136dbee7e48093ae
Size: 79.15 kB - subversion-1.6.11-11.AXS3.x86_64.rpm
MD5: f1043a4254dfd8bc9776cf991387a880
SHA-256: f0b4095c8badb01bf85a1d557222d9791ac1ab419c16d96059c63a2024921c31
Size: 3.23 MB - subversion-devel-1.6.11-11.AXS3.x86_64.rpm
MD5: c4cb48df2bbbe7c535e096802930b54b
SHA-256: 332eb437fe9dedb99a4f2f482afc7318ee92c5e0497c8dec49bd06c95efe4167
Size: 268.33 kB - subversion-javahl-1.6.11-11.AXS3.x86_64.rpm
MD5: eb0fbe0f0853461b9355be0339e951a3
SHA-256: e7585381454d8dfe252d51fbcf4adebcfa18dba6a5c1c04bd1a3e289d58b6b60
Size: 179.70 kB - subversion-perl-1.6.11-11.AXS3.x86_64.rpm
MD5: c3658060ba0498d2b2c5abb198ce5bc3
SHA-256: 5a1376d037184a3f7396fa3a799444c89383efe911e9f2541837740e10c71dd7
Size: 1.05 MB - subversion-ruby-1.6.11-11.AXS3.x86_64.rpm
MD5: 5fa82f5700b08c0d8be17ce8f325bcb9
SHA-256: 118ca45833c56ee1945f58c82a5cb2681abe0a869c58916f17f6b1a2cbc96be2
Size: 516.72 kB