subversion-1.6.11-9.0.1.AXS4

エラータID: AXSA:2013-410:01

Release date: 
Thursday, April 25, 2013 - 15:55
Subject: 
subversion-1.6.11-9.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS.

Security issues fixed with this release:

• CVE-2013-1845
• CVE-2013-1846
• CVE-2013-1847
• CVE-2013-1849
No description available at the time of writing, please use the CVE links below.

Solution: 

Update packages.

CVEs: 
CVE-2013-1845
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
CVE-2013-1847
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
CVE-2013-1849
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.


Additional Info: 

N/A

Download: 

SRPMS
  1. subversion-1.6.11-9.0.1.AXS4.src.rpm
    MD5: c2287a8772b0174a5645aedaa61b6df3
    SHA-256: 5525a45332fb6f6d260865381d87f9a8311a5212b48adb32a8d84db72711c514
    Size: 5.34 MB

Asianux Server 4 for x86
  1. mod_dav_svn-1.6.11-9.0.1.AXS4.i686.rpm
    MD5: b42a0eff7380769b77d26f58b4296972
    SHA-256: 59ae2122c45901b6285fe97c23e87e7fff0a64124b3e669b7467649d8c4365ca
    Size: 79.49 kB
  2. subversion-1.6.11-9.0.1.AXS4.i686.rpm
    MD5: 74aacac3debc7d0b78916600d623486c
    SHA-256: 0dd564957c90a695a7f4c4a93f18f3f0df09c60d8648bf967bed109318e110b4
    Size: 2.23 MB
  3. subversion-javahl-1.6.11-9.0.1.AXS4.i686.rpm
    MD5: a413de0522189f196a53dc14c2d2d59b
    SHA-256: e0a244c9b9f0cd26ed0d4cecc0d84abdd5dff28f5aaf8b3185e4a198ac11a2db
    Size: 171.86 kB

Asianux Server 4 for x86_64
  1. mod_dav_svn-1.6.11-9.0.1.AXS4.x86_64.rpm
    MD5: 1a09f29dfc7fbee115737e28ac1c3296
    SHA-256: d3eefb2771c92892282ce510f64c7ab7a083a93a258ef50442c26a357ac23139
    Size: 78.00 kB
  2. subversion-1.6.11-9.0.1.AXS4.x86_64.rpm
    MD5: 08d66a4967a3aef5ec6366679f1f22a8
    SHA-256: dfc3af5c818f3991414de77b9c8cb95312bebd99378819d7cb6235938d88191d
    Size: 2.28 MB
  3. subversion-javahl-1.6.11-9.0.1.AXS4.x86_64.rpm
    MD5: 8a9151f5a1793960c39aeca640b2d2a8
    SHA-256: ed1964e1c293708d357ddf033e67ccffc3cb9221e46028ab6f6fbac579e5f290
    Size: 172.21 kB
  4. subversion-1.6.11-9.0.1.AXS4.i686.rpm
    MD5: 74aacac3debc7d0b78916600d623486c
    SHA-256: 0dd564957c90a695a7f4c4a93f18f3f0df09c60d8648bf967bed109318e110b4
    Size: 2.23 MB
  5. subversion-javahl-1.6.11-9.0.1.AXS4.i686.rpm
    MD5: a413de0522189f196a53dc14c2d2d59b
    SHA-256: e0a244c9b9f0cd26ed0d4cecc0d84abdd5dff28f5aaf8b3185e4a198ac11a2db
    Size: 171.86 kB