exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2011-106

Mandriva Linux Security Advisory 2011-106
Posted Jun 4, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-106 - The mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may in certain scenarios enter a logic loop which does not exit and which allocates emory in each iteration, ultimately exhausting all the available emory on the server which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1752, CVE-2011-1783, CVE-2011-1921
SHA-256 | db5fe256ef577b1b631f68ced08339d66969930e81aff27ca5f3917b3f80347a

Mandriva Linux Security Advisory 2011-106

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:106
http://www.mandriva.com/security/
_______________________________________________________________________

Package : subversion
Date : June 4, 2011
Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities were discovered and corrected in subversion:

The mod_dav_svn Apache HTTPD server module will dereference a NULL
pointer if asked to deliver baselined WebDAV resources which can lead
to a DoS (Denial Of Service) (CVE-2011-1752).

The mod_dav_svn Apache HTTPD server module may in certain cenarios
enter a logic loop which does not exit and which allocates emory in
each iteration, ultimately exhausting all the available emory on the
server which can lead to a DoS (Denial Of Service) (CVE-2011-1783).

The mod_dav_svn Apache HTTPD server module may leak to remote users
the file contents of files configured to be unreadable by those users
(CVE-2011-1921).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to the 1.6.17 version which
is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1921
http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
b7dcf908858e788c0321e13109163494 2009.0/i586/apache-mod_dav_svn-1.6.17-0.1mdv2009.0.i586.rpm
c403bbd6aedcd9426dc5cf72ef56d1a9 2009.0/i586/apache-mod_dontdothat-1.6.17-0.1mdv2009.0.i586.rpm
2f3d2373aed96710023c6a84819731f6 2009.0/i586/libsvn0-1.6.17-0.1mdv2009.0.i586.rpm
2b4a273ce742b44b5a18bfaba5b9e6af 2009.0/i586/libsvnjavahl1-1.6.17-0.1mdv2009.0.i586.rpm
e11fb3f919ab6358d3a3ac26d803715f 2009.0/i586/perl-SVN-1.6.17-0.1mdv2009.0.i586.rpm
745a88c6044f3cf2fda88bfc80500c1a 2009.0/i586/python-svn-1.6.17-0.1mdv2009.0.i586.rpm
7baab70f65cac6de36cede330f032cc5 2009.0/i586/ruby-svn-1.6.17-0.1mdv2009.0.i586.rpm
c15bd5f296328d65f2612a61238b0f01 2009.0/i586/subversion-1.6.17-0.1mdv2009.0.i586.rpm
b6c69f4a93490250bc4c1c29a51d0301 2009.0/i586/subversion-devel-1.6.17-0.1mdv2009.0.i586.rpm
6b780c034fcf7caa146ac495f74776fd 2009.0/i586/subversion-doc-1.6.17-0.1mdv2009.0.i586.rpm
51e8efe6c17057098eec1e9b0d9b305e 2009.0/i586/subversion-server-1.6.17-0.1mdv2009.0.i586.rpm
f974ca62b90d4db1f3eeb0dc80a06787 2009.0/i586/subversion-tools-1.6.17-0.1mdv2009.0.i586.rpm
804da077e30821641755625cb9f6f545 2009.0/i586/svn-javahl-1.6.17-0.1mdv2009.0.i586.rpm
9ac126adb88c745c67e55630c98f1dff 2009.0/SRPMS/subversion-1.6.17-0.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
adf776406f42c9bb4c5928f8d16ad74f 2009.0/x86_64/apache-mod_dav_svn-1.6.17-0.1mdv2009.0.x86_64.rpm
f35384b836889e04b9d732045deacccb 2009.0/x86_64/apache-mod_dontdothat-1.6.17-0.1mdv2009.0.x86_64.rpm
cff7dcefaf6e8c3d0a7642a36661e803 2009.0/x86_64/lib64svn0-1.6.17-0.1mdv2009.0.x86_64.rpm
01019c76de0636f512bc1338a180ab1b 2009.0/x86_64/lib64svnjavahl1-1.6.17-0.1mdv2009.0.x86_64.rpm
74812d1b64db5301b1ed74db46dc08b6 2009.0/x86_64/perl-SVN-1.6.17-0.1mdv2009.0.x86_64.rpm
59e84aa6043fae46047327ac124771e9 2009.0/x86_64/python-svn-1.6.17-0.1mdv2009.0.x86_64.rpm
15fae543266ede69fa220419ca91bc8f 2009.0/x86_64/ruby-svn-1.6.17-0.1mdv2009.0.x86_64.rpm
cd9be5e2b3ba9497e7f8e42a8d0181e0 2009.0/x86_64/subversion-1.6.17-0.1mdv2009.0.x86_64.rpm
8e14979cf0ac190035fcb0ae994fe4d8 2009.0/x86_64/subversion-devel-1.6.17-0.1mdv2009.0.x86_64.rpm
4c2e1922b12202697983b567638c9b92 2009.0/x86_64/subversion-doc-1.6.17-0.1mdv2009.0.x86_64.rpm
a7e5997dc660568bafed59a7bab37578 2009.0/x86_64/subversion-server-1.6.17-0.1mdv2009.0.x86_64.rpm
936dc2d30cc5bb8f54b32d862af63f3d 2009.0/x86_64/subversion-tools-1.6.17-0.1mdv2009.0.x86_64.rpm
e40d82e0b13a180d2a3c2ed2cd356e52 2009.0/x86_64/svn-javahl-1.6.17-0.1mdv2009.0.x86_64.rpm
9ac126adb88c745c67e55630c98f1dff 2009.0/SRPMS/subversion-1.6.17-0.1mdv2009.0.src.rpm

Mandriva Linux 2010.1:
809c8316c0cf26a1aa7a26260ebd556b 2010.1/i586/apache-mod_dav_svn-1.6.17-0.1mdv2010.2.i586.rpm
1c5aa3316d62eb40cbda3e91b5a0dead 2010.1/i586/apache-mod_dontdothat-1.6.17-0.1mdv2010.2.i586.rpm
680745e35e66433826514dc65f748597 2010.1/i586/libsvn0-1.6.17-0.1mdv2010.2.i586.rpm
2e523e3262c4fa0d918f6667c8c00bf1 2010.1/i586/libsvn-gnome-keyring0-1.6.17-0.1mdv2010.2.i586.rpm
5b8802e18a6e594676823ec01348143b 2010.1/i586/libsvnjavahl1-1.6.17-0.1mdv2010.2.i586.rpm
2d9d773efd8a108b59dd774d6030681e 2010.1/i586/libsvn-kwallet0-1.6.17-0.1mdv2010.2.i586.rpm
786cd1f13ee58d23e8246b37991f3a4c 2010.1/i586/perl-SVN-1.6.17-0.1mdv2010.2.i586.rpm
f718ab77c2b5c77e2b49b38604f4663f 2010.1/i586/python-svn-1.6.17-0.1mdv2010.2.i586.rpm
e006b5cef023e652caf2281a197e848a 2010.1/i586/ruby-svn-1.6.17-0.1mdv2010.2.i586.rpm
a7f25d127ad47dde81e72f947a425311 2010.1/i586/subversion-1.6.17-0.1mdv2010.2.i586.rpm
2e8997143a4e9caccd531496b3d01acc 2010.1/i586/subversion-devel-1.6.17-0.1mdv2010.2.i586.rpm
1102fa83a4d71bb78410fcf52e240a6a 2010.1/i586/subversion-doc-1.6.17-0.1mdv2010.2.i586.rpm
f7d57f0fb38326ef4a94f17ece68071e 2010.1/i586/subversion-server-1.6.17-0.1mdv2010.2.i586.rpm
371566535452839fd3f56d0fd1949083 2010.1/i586/subversion-tools-1.6.17-0.1mdv2010.2.i586.rpm
1625168460442b3044986aec02642ceb 2010.1/i586/svn-javahl-1.6.17-0.1mdv2010.2.i586.rpm
3186570aa3e04f22d98a28e75a394710 2010.1/SRPMS/subversion-1.6.17-0.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
5e499d3c40941455d1b37dbf5773991e 2010.1/x86_64/apache-mod_dav_svn-1.6.17-0.1mdv2010.2.x86_64.rpm
0aa267a7b319e2a30960ee2a5414d80e 2010.1/x86_64/apache-mod_dontdothat-1.6.17-0.1mdv2010.2.x86_64.rpm
35cdd975fcec1b990d51bdb9f1714bf4 2010.1/x86_64/lib64svn0-1.6.17-0.1mdv2010.2.x86_64.rpm
4278a8f843fb04cd2850eaa64cb0f568 2010.1/x86_64/lib64svn-gnome-keyring0-1.6.17-0.1mdv2010.2.x86_64.rpm
d2c973cce463ac11b543c93e70c8aed9 2010.1/x86_64/lib64svnjavahl1-1.6.17-0.1mdv2010.2.x86_64.rpm
80302dffc3708392c44c71e8beb5318c 2010.1/x86_64/lib64svn-kwallet0-1.6.17-0.1mdv2010.2.x86_64.rpm
326ef2d296d29e081afb3191af5212ef 2010.1/x86_64/perl-SVN-1.6.17-0.1mdv2010.2.x86_64.rpm
3ebaa0c7e51c6607cbb15d032793126c 2010.1/x86_64/python-svn-1.6.17-0.1mdv2010.2.x86_64.rpm
7fac98a4b1457fdd628c0f9ac342497a 2010.1/x86_64/ruby-svn-1.6.17-0.1mdv2010.2.x86_64.rpm
5291fcc25554166520cab2642fbdf166 2010.1/x86_64/subversion-1.6.17-0.1mdv2010.2.x86_64.rpm
8b18da0f0e6e8a39f56774395c73eb21 2010.1/x86_64/subversion-devel-1.6.17-0.1mdv2010.2.x86_64.rpm
5e645e03996129bb649ca39a24a09496 2010.1/x86_64/subversion-doc-1.6.17-0.1mdv2010.2.x86_64.rpm
ceb52200e4ebfeadec2d48c2c7b5fd4d 2010.1/x86_64/subversion-server-1.6.17-0.1mdv2010.2.x86_64.rpm
95aff7b1b38a5a26a58b44e3984d3d89 2010.1/x86_64/subversion-tools-1.6.17-0.1mdv2010.2.x86_64.rpm
968576b20dd363a6899c4c7eefe8b614 2010.1/x86_64/svn-javahl-1.6.17-0.1mdv2010.2.x86_64.rpm
3186570aa3e04f22d98a28e75a394710 2010.1/SRPMS/subversion-1.6.17-0.1mdv2010.2.src.rpm

Corporate 4.0:
b424fc4dea5b090cc831a9b26996bb72 corporate/4.0/i586/apache-mod_dav_svn-1.6.17-0.1.20060mlcs4.i586.rpm
66fd3f68ab4e67043c7bb06bf0f5aaeb corporate/4.0/i586/apache-mod_dontdothat-1.6.17-0.1.20060mlcs4.i586.rpm
cc441dda9a371692b8412af0c0b994b8 corporate/4.0/i586/libsvn0-1.6.17-0.1.20060mlcs4.i586.rpm
f6005206e732c2f8484e6d49e4b26145 corporate/4.0/i586/perl-SVN-1.6.17-0.1.20060mlcs4.i586.rpm
ed2db70bc8a07fe65980e4ca57abb682 corporate/4.0/i586/python-svn-1.6.17-0.1.20060mlcs4.i586.rpm
ea7940a13e22f15181076d9fda196b3c corporate/4.0/i586/subversion-1.6.17-0.1.20060mlcs4.i586.rpm
93a99bf395142992eb853fde5ea11df0 corporate/4.0/i586/subversion-devel-1.6.17-0.1.20060mlcs4.i586.rpm
9498abb347b8bda55c0d16eb24b632d8 corporate/4.0/i586/subversion-doc-1.6.17-0.1.20060mlcs4.i586.rpm
0417594b6d75639b515d6154494bd982 corporate/4.0/i586/subversion-server-1.6.17-0.1.20060mlcs4.i586.rpm
9e8f089fbf491f5461b4cd3adf352105 corporate/4.0/i586/subversion-tools-1.6.17-0.1.20060mlcs4.i586.rpm
229c77a2d2172dbb17cc496d169e8dec corporate/4.0/SRPMS/subversion-1.6.17-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
e992b482857ea06a007d88357fb5000b corporate/4.0/x86_64/apache-mod_dav_svn-1.6.17-0.1.20060mlcs4.x86_64.rpm
60c10a01326c435570ff1c009de7e545 corporate/4.0/x86_64/apache-mod_dontdothat-1.6.17-0.1.20060mlcs4.x86_64.rpm
3c9826dc51d1a6b6289a8c123edb4803 corporate/4.0/x86_64/lib64svn0-1.6.17-0.1.20060mlcs4.x86_64.rpm
061c8703b664f7243d57c36f560c037c corporate/4.0/x86_64/perl-SVN-1.6.17-0.1.20060mlcs4.x86_64.rpm
ba61070e3084b50f3d3196911ee9004b corporate/4.0/x86_64/python-svn-1.6.17-0.1.20060mlcs4.x86_64.rpm
e87e651ac237c9425e1a2650f9761fe9 corporate/4.0/x86_64/subversion-1.6.17-0.1.20060mlcs4.x86_64.rpm
feb1ad3849b68b49b38e124db0b0d633 corporate/4.0/x86_64/subversion-devel-1.6.17-0.1.20060mlcs4.x86_64.rpm
a0ed185c8c0aa4e4b0186f8aa08dc6b4 corporate/4.0/x86_64/subversion-doc-1.6.17-0.1.20060mlcs4.x86_64.rpm
0d9bdee90a50428480922d2e882f6fe3 corporate/4.0/x86_64/subversion-server-1.6.17-0.1.20060mlcs4.x86_64.rpm
e5afc579bb3fbc44509241e010549e53 corporate/4.0/x86_64/subversion-tools-1.6.17-0.1.20060mlcs4.x86_64.rpm
229c77a2d2172dbb17cc496d169e8dec corporate/4.0/SRPMS/subversion-1.6.17-0.1.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
d8165cb83dada65ebc80808c55c99f5d mes5/i586/apache-mod_dav_svn-1.6.17-0.1mdvmes5.2.i586.rpm
5e653275497d01bab284741d509fcc20 mes5/i586/apache-mod_dontdothat-1.6.17-0.1mdvmes5.2.i586.rpm
93ce20f3fc00bf2b0d2136b7c35538ed mes5/i586/libsvn0-1.6.17-0.1mdvmes5.2.i586.rpm
c8602d9ca59963d8f288d7c1ea718cb3 mes5/i586/libsvnjavahl1-1.6.17-0.1mdvmes5.2.i586.rpm
f148fab1eedbcf9a9f19d3e60c6cfadf mes5/i586/perl-SVN-1.6.17-0.1mdvmes5.2.i586.rpm
d631ac32c1563680d7c5cc9bcbfcfb6b mes5/i586/python-svn-1.6.17-0.1mdvmes5.2.i586.rpm
06f830bce3b8e01f2fd40b5c637ab986 mes5/i586/ruby-svn-1.6.17-0.1mdvmes5.2.i586.rpm
357ceb371acfcd3eb9cd88caa107a53b mes5/i586/subversion-1.6.17-0.1mdvmes5.2.i586.rpm
b3aa7097cb52e07a775653d822aa7dba mes5/i586/subversion-devel-1.6.17-0.1mdvmes5.2.i586.rpm
798e56237c5ea86ad3f78dc28efe5872 mes5/i586/subversion-doc-1.6.17-0.1mdvmes5.2.i586.rpm
973d3c726f9d0c502acfeacad69ac614 mes5/i586/subversion-server-1.6.17-0.1mdvmes5.2.i586.rpm
46f2b4d4539d7da8848a182a9b28afbd mes5/i586/subversion-tools-1.6.17-0.1mdvmes5.2.i586.rpm
56254352fdc6c10f56e03b8a50089105 mes5/i586/svn-javahl-1.6.17-0.1mdvmes5.2.i586.rpm
c036e0758d2b25ecaf2b2773306dc9f1 mes5/SRPMS/subversion-1.6.17-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
e41d3cd15e340df2903d1ae5fcaa958e mes5/x86_64/apache-mod_dav_svn-1.6.17-0.1mdvmes5.2.x86_64.rpm
d84d598685b49e33b29b99e73bd25e61 mes5/x86_64/apache-mod_dontdothat-1.6.17-0.1mdvmes5.2.x86_64.rpm
67cc1d9ac7ac69fa494bb3c0c3ab1b24 mes5/x86_64/lib64svn0-1.6.17-0.1mdvmes5.2.x86_64.rpm
0c93407253c6456cf47ac40fdf903ae0 mes5/x86_64/lib64svnjavahl1-1.6.17-0.1mdvmes5.2.x86_64.rpm
9662f86183093a782ff143ff1c3f61a8 mes5/x86_64/perl-SVN-1.6.17-0.1mdvmes5.2.x86_64.rpm
74879ef216a0286b463c8713e1045b43 mes5/x86_64/python-svn-1.6.17-0.1mdvmes5.2.x86_64.rpm
032060ecadfbfaff5c94a2df6b7b1157 mes5/x86_64/ruby-svn-1.6.17-0.1mdvmes5.2.x86_64.rpm
4ca2ddde563edde87e5864e419db655b mes5/x86_64/subversion-1.6.17-0.1mdvmes5.2.x86_64.rpm
a7690a8ee3c367539958d740bd885252 mes5/x86_64/subversion-devel-1.6.17-0.1mdvmes5.2.x86_64.rpm
6b1d4297f49e1703a69e5c73ee380686 mes5/x86_64/subversion-doc-1.6.17-0.1mdvmes5.2.x86_64.rpm
316dc293f1c4871b9833ecffc7e809b0 mes5/x86_64/subversion-server-1.6.17-0.1mdvmes5.2.x86_64.rpm
d644829032a7bf93945ef6376cf1ed9c mes5/x86_64/subversion-tools-1.6.17-0.1mdvmes5.2.x86_64.rpm
b25e044ca25e3891dfd4699b94bc10e2 mes5/x86_64/svn-javahl-1.6.17-0.1mdvmes5.2.x86_64.rpm
c036e0758d2b25ecaf2b2773306dc9f1 mes5/SRPMS/subversion-1.6.17-0.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFN6cg2mqjQ0CJFipgRAqj2AKCRyKt813e0OmWSTU5bL58KCmUwowCfT6RY
DDOtowgSctAg4EX+tLXIvRQ=
=zsmM
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close