From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Security Advisory DSA-2118-1                      [email protected]
http://www.debian.org/security/                                  Nico Golde
October 8th, 2010                        http://www.debian.org/security/faq
- ---------------------------------------------------------------------------
Package : subversion
Vulnerability : logic flaw
Problem type : remote
Debian-specific: no
Debian bug : none
CVE ID : CVE-2010-3315
Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn
module of subversion, a version control system, is not properly enforcing
access rules which are scope-limited to named repositories. If the
SVNPathAuthz option is set to "short_circuit", this may enable an
unprivileged attacker to bypass intended access restrictions and disclose
or modify repository content.
As a workaround it is also possible to set SVNPathAuthz to "on" but be
advised that this can result in a performance decrease for large
repositories.
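The following configuration audit is an added example, not part of the original advisory or of Subversion itself. It flags the combination described above: an active "SVNPathAuthz short_circuit" directive together with authz rules scoped to a named repository ([repository:/path] sections). The sample Apache and authz contents, the paths, the repository name and the function names are all constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the advisory).
SAMPLE_APACHE = """\
<Location /svn>
  DAV svn
  SVNParentPath /srv/svn
  AuthzSVNAccessFile /etc/apache2/svn-authz
  # SVNPathAuthz on
  SVNPathAuthz short_circuit
</Location>
"""
SAMPLE_AUTHZ = """\
[groups]
devs = alice, bob
[/]
* = r
[payroll:/trunk]
* =
@devs = rw
"""

def path_authz_modes(apache_conf):
    """Return every active SVNPathAuthz value, lower-cased, in file order."""
    modes = []
    for line in apache_conf.splitlines():
        # re.match anchors at the start, so commented-out directives are skipped.
        m = re.match(r"(?i)svnpathauthz\s+(\S+)", line.strip())
        if m:
            modes.append(m.group(1).strip('"').lower())
    return modes

def repo_scoped_sections(authz):
    """Return authz section names of the form repository:/path."""
    found = []
    for line in authz.splitlines():
        m = re.match(r"\s*\[([^\]:]+:/[^\]]*)\]\s*$", line)
        if m:
            found.append(m.group(1))
    return found

def exposed(apache_conf, authz):
    """True when short_circuit is active and repository-scoped rules exist."""
    return ("short_circuit" in path_authz_modes(apache_conf)
            and bool(repo_scoped_sections(authz)))

if __name__ == "__main__":
    print(path_authz_modes(SAMPLE_APACHE), repo_scoped_sections(SAMPLE_AUTHZ))
    print("review needed" if exposed(SAMPLE_APACHE, SAMPLE_AUTHZ) else "ok")
```

A host that reports "review needed" should either receive the fixed packages listed below or have SVNPathAuthz set to "on" as the workaround describes.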
For the stable distribution (lenny), this problem has been fixed in
version 1.5.1dfsg1-5.
For the testing distribution (squeeze), this problem has been fixed in
version 1.6.12dfsg-2.
For the unstable distribution (sid), this problem has been fixed in
version 1.6.12dfsg-2.
We recommend that you upgrade your subversion packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]