subversion-1.6.11-9.0.1.AXS4
エラータID: AXSA:2013-410:01
Release date:
Thursday, April 25, 2013 - 15:55
Subject:
subversion-1.6.11-9.0.1.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS.
Security issues fixed with this release:
• CVE-2013-1845
• CVE-2013-1846
• CVE-2013-1847
• CVE-2013-1849
No description available at the time of writing, please use the CVE links below.
Solution:
Update packages.
CVEs:
CVE-2013-1845
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
CVE-2013-1847
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
CVE-2013-1849
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
Additional Info:
N/A
Download:
SRPMS
- subversion-1.6.11-9.0.1.AXS4.src.rpm
MD5: c2287a8772b0174a5645aedaa61b6df3
SHA-256: 5525a45332fb6f6d260865381d87f9a8311a5212b48adb32a8d84db72711c514
Size: 5.34 MB
Asianux Server 4 for x86
- mod_dav_svn-1.6.11-9.0.1.AXS4.i686.rpm
MD5: b42a0eff7380769b77d26f58b4296972
SHA-256: 59ae2122c45901b6285fe97c23e87e7fff0a64124b3e669b7467649d8c4365ca
Size: 79.49 kB - subversion-1.6.11-9.0.1.AXS4.i686.rpm
MD5: 74aacac3debc7d0b78916600d623486c
SHA-256: 0dd564957c90a695a7f4c4a93f18f3f0df09c60d8648bf967bed109318e110b4
Size: 2.23 MB - subversion-javahl-1.6.11-9.0.1.AXS4.i686.rpm
MD5: a413de0522189f196a53dc14c2d2d59b
SHA-256: e0a244c9b9f0cd26ed0d4cecc0d84abdd5dff28f5aaf8b3185e4a198ac11a2db
Size: 171.86 kB
Asianux Server 4 for x86_64
- mod_dav_svn-1.6.11-9.0.1.AXS4.x86_64.rpm
MD5: 1a09f29dfc7fbee115737e28ac1c3296
SHA-256: d3eefb2771c92892282ce510f64c7ab7a083a93a258ef50442c26a357ac23139
Size: 78.00 kB - subversion-1.6.11-9.0.1.AXS4.x86_64.rpm
MD5: 08d66a4967a3aef5ec6366679f1f22a8
SHA-256: dfc3af5c818f3991414de77b9c8cb95312bebd99378819d7cb6235938d88191d
Size: 2.28 MB - subversion-javahl-1.6.11-9.0.1.AXS4.x86_64.rpm
MD5: 8a9151f5a1793960c39aeca640b2d2a8
SHA-256: ed1964e1c293708d357ddf033e67ccffc3cb9221e46028ab6f6fbac579e5f290
Size: 172.21 kB - subversion-1.6.11-9.0.1.AXS4.i686.rpm
MD5: 74aacac3debc7d0b78916600d623486c
SHA-256: 0dd564957c90a695a7f4c4a93f18f3f0df09c60d8648bf967bed109318e110b4
Size: 2.23 MB - subversion-javahl-1.6.11-9.0.1.AXS4.i686.rpm
MD5: a413de0522189f196a53dc14c2d2d59b
SHA-256: e0a244c9b9f0cd26ed0d4cecc0d84abdd5dff28f5aaf8b3185e4a198ac11a2db
Size: 171.86 kB