subversion-1.6.11-2.AXS4.4
エラータID: AXSA:2011-732:02
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file.
Subversion is intended to be a compelling replacement for CVS.
Security issues fixed with this release:
CVE-2011-1752
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
CVE-2011-1783
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
CVE-2011-1921
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
Update packages.
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
From Asianux Server 4 SP1.
SRPMS
- subversion-1.6.11-2.AXS4.4.src.rpm
MD5: 68c95ff52cb5e601da889a521743867f
SHA-256: 9b80aeb2730bc98e312d8f5451f2fc49477e87a44f1d8099f2214ac612f7fd04
Size: 5.33 MB
Asianux Server 4 for x86
- mod_dav_svn-1.6.11-2.AXS4.4.i686.rpm
MD5: 027e478806a9bd6dfe85f672560653d4
SHA-256: 4c3f309f706125716ed3eab470119318ef3bb81517540e3790db7c9af26375b2
Size: 78.91 kB - subversion-1.6.11-2.AXS4.4.i686.rpm
MD5: bc6cf21e5d317cb7b29dac1d778f83a2
SHA-256: 7244d486828b71538b45efdf1cb5fcafe9e248f9a48923711db4908784871170
Size: 2.23 MB - subversion-javahl-1.6.11-2.AXS4.4.i686.rpm
MD5: 8c0f274f5988f4f67044566d517e7e15
SHA-256: 2d8ff72780123ff83c20b9cf618611ec63750a198b12153c36d804585465c261
Size: 171.22 kB
Asianux Server 4 for x86_64
- mod_dav_svn-1.6.11-2.AXS4.4.x86_64.rpm
MD5: c5e576f99958a1c162a521696c5ee086
SHA-256: 98070bceaad6b3e7da62bc9201e8b7f04473f3903a51334a28bb408c2ee79660
Size: 77.43 kB - subversion-1.6.11-2.AXS4.4.x86_64.rpm
MD5: 2ca3517c0147b1148aa5fac51664d72b
SHA-256: bf0413e0b16dcd8f1485d821ba947394071b21314c1c0a1a45bdcba796dff5e1
Size: 2.27 MB - subversion-javahl-1.6.11-2.AXS4.4.x86_64.rpm
MD5: 3479e6894039ae620bdf925834a688aa
SHA-256: 2a8262e6ba56aae7727390a662f0e04e7daed38607a6cb95fdf6e1f2bae795e8
Size: 171.59 kB - subversion-1.6.11-2.AXS4.4.i686.rpm
MD5: bc6cf21e5d317cb7b29dac1d778f83a2
SHA-256: 7244d486828b71538b45efdf1cb5fcafe9e248f9a48923711db4908784871170
Size: 2.23 MB - subversion-javahl-1.6.11-2.AXS4.4.i686.rpm
MD5: 8c0f274f5988f4f67044566d517e7e15
SHA-256: 2d8ff72780123ff83c20b9cf618611ec63750a198b12153c36d804585465c261
Size: 171.22 kB