Twenty Year Anniversary

Mandriva Linux Security Advisory 2013-153

Mandriva Linux Security Advisory 2013-153
Posted Apr 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-153 - Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild, but the details of how to exploit it have been disclosed on the full disclosure mailing list. Subversion's mod_dav_svn Apache HTTPD server module will crash when a log REPORT request receives a limit that is out of the allowed range. This can lead to a DoS. There are no known instances of this problem being used as a DoS in the wild. The updated packages have been upgraded to the 1.7.9 version which is not affected by these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849, CVE-2013-1884
MD5 | 1b76fc8f8318d05662cbd8772ebffd21

Mandriva Linux Security Advisory 2013-153

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:153
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : subversion
Date : April 26, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in subversion:

Subversion's mod_dav_svn Apache HTTPD server module will use excessive
amounts of memory when a large number of properties are set or deleted
on a node. This can lead to a DoS. There are no known instances of
this problem being observed in the wild (CVE-2013-1845).

Subversion's mod_dav_svn Apache HTTPD server module will crash when
a LOCK request is made against activity URLs. This can lead to a
DoS. There are no known instances of this problem being observed in
the wild (CVE-2013-1846).

Subversion's mod_dav_svn Apache HTTPD server module will crash in
some circumstances when a LOCK request is made against a non-existent
URL. This can lead to a DoS. There are no known instances of this
problem being observed in the wild (CVE-2013-1847).

Subversion's mod_dav_svn Apache HTTPD server module will crash when
a PROPFIND request is made against activity URLs. This can lead to a
DoS. There are no known instances of this problem being observed in
the wild, but the details of how to exploit it have been disclosed
on the full disclosure mailing list (CVE-2013-1849).

Subversion's mod_dav_svn Apache HTTPD server module will crash when
a log REPORT request receives a limit that is out of the allowed
range. This can lead to a DoS. There are no known instances of this
problem being used as a DoS in the wild (CVE-2013-1884).

The updated packages have been upgraded to the 1.7.9 version which
is not affected by these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1884
http://subversion.apache.org/security/CVE-2013-1845-advisory.txt
http://subversion.apache.org/security/CVE-2013-1846-advisory.txt
http://subversion.apache.org/security/CVE-2013-1847-advisory.txt
http://subversion.apache.org/security/CVE-2013-1849-advisory.txt
http://subversion.apache.org/security/CVE-2013-1884-advisory.txt
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
5ce768e2fb87f929434ef1523af5f071 mbs1/x86_64/apache-mod_dav_svn-1.7.9-0.1.mbs1.x86_64.rpm
fee5a24ddf1f71b779a4dafe8798b485 mbs1/x86_64/lib64svn0-1.7.9-0.1.mbs1.x86_64.rpm
96dea89acc95859c1f702b61d523a0fc mbs1/x86_64/lib64svn-gnome-keyring0-1.7.9-0.1.mbs1.x86_64.rpm
51a0fdeeb2fa19ed4bb30425d65600c1 mbs1/x86_64/lib64svnjavahl1-1.7.9-0.1.mbs1.x86_64.rpm
04e18cbeb0f37df16834201404e2bf63 mbs1/x86_64/perl-SVN-1.7.9-0.1.mbs1.x86_64.rpm
20d1650aa89db3d90be1e29cff922969 mbs1/x86_64/perl-svn-devel-1.7.9-0.1.mbs1.x86_64.rpm
c06608b6f9b2d7a071a4cd26e98f1509 mbs1/x86_64/python-svn-1.7.9-0.1.mbs1.x86_64.rpm
737c19de39f6b423c9896915de707b5c mbs1/x86_64/python-svn-devel-1.7.9-0.1.mbs1.x86_64.rpm
5ef1ba9b11b30da2c44a7460c778e914 mbs1/x86_64/ruby-svn-1.7.9-0.1.mbs1.x86_64.rpm
b48654f667bc791c33cc4e733ff5703c mbs1/x86_64/ruby-svn-devel-1.7.9-0.1.mbs1.x86_64.rpm
21c38964a176a5019f96068db6451b98 mbs1/x86_64/subversion-1.7.9-0.1.mbs1.x86_64.rpm
5ae9deda5675d71ff640be147a348be9 mbs1/x86_64/subversion-devel-1.7.9-0.1.mbs1.x86_64.rpm
e0619bb815343f3b95c5d9a6f13c0e70 mbs1/x86_64/subversion-doc-1.7.9-0.1.mbs1.x86_64.rpm
c7220afc2ec2488209ffa2fbd58e001d mbs1/x86_64/subversion-gnome-keyring-devel-1.7.9-0.1.mbs1.x86_64.rpm
930d7ad076e0d1090f0a915c9e83d0df mbs1/x86_64/subversion-server-1.7.9-0.1.mbs1.x86_64.rpm
34c88101115b1b50500b57686c335933 mbs1/x86_64/subversion-tools-1.7.9-0.1.mbs1.x86_64.rpm
615cd168dbbf2f465b5163f3a6bb98f0 mbs1/x86_64/svn-javahl-1.7.9-0.1.mbs1.x86_64.rpm
7cd8e2e90870fb9f42bb3c902db97edf mbs1/SRPMS/subversion-1.7.9-0.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFReje2mqjQ0CJFipgRAk6qAKDhcP/sXsaMAiWxfeQqaQGRIeZbhwCfa544
OzEzIgCO/qpayCyTD/EU4xc=
=qkQN
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    19 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close