1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2251-1] subversion security update

    From Thijs Kinkhorst@1:229/2 to All on Thu Jun 2 11:50:03 2011
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2251-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
    June 02, 2011 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : subversion
    Vulnerability : several
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2011-1752 CVE-2011-1783 CVE-2011-1921

    Several vulnerabilities were discovered in Subversion, the version
    control system. The Common Vulnerabilities and Exposures project
    identifies the following problems:

    CVE-2011-1752

    The mod_dav_svn Apache HTTPD server module can be crashed though
    when asked to deliver baselined WebDAV resources.

    CVE-2011-1783

    The mod_dav_svn Apache HTTPD server module can trigger a loop which
    consumes all available memory on the system.

    CVE-2011-1921

    The mod_dav_svn Apache HTTPD server module may leak to remote users
    the file contents of files configured to be unreadable by those
    users.

    For the oldstable distribution (lenny), this problem has been fixed in
    version 1.5.1dfsg1-7.

    For the stable distribution (squeeze), this problem has been fixed in
    version 1.6.12dfsg-6.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.6.17dfsg-1.

    We recommend that you upgrade your subversion packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.10 (GNU/Linux)

    iQEcBAEBAgAGBQJN51w8AAoJEOxfUAG2iX578DEH/0AnYvKNnyT4C4jLIDfepOKg ebgFmGapsVOm9lk6YNfrpCue2ecxW+mfU+mMVgHRYv2LRiqAJbyAd+Kb/JcgEwtf NRZX6SQWO9TP91w/LWWxUbFXKqELUA1NbC7oIuGqcS4TWwcdLK/Z+QYTXorVgJgB LZkuDvZ6heLxQJVtEMaLtHInOFYu5Q/FAFFyM4Raweha0/Q0LGE6MSqsYNThDoqJ PTF48OVP4BBbhFVfMXiv8N4SXeRwej+qSHIWLfRkYSuyh0JUzaJaRwaQnz5icWGl kfF6JGn8izrSaBPPZA0voZ6/Bn31JlWK6QLFvDtuY3n6cG+vi422Y9QZOjIlBD8=
    =4u2D
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)