Mandriva Linux Security Advisory 2015-005

Posted Jan 6, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-005 - A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn. A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-3580, CVE-2014-8108
SHA-256 | d13ea010371425cf8a9fd6eb8987085bef55351cbb1da6f338800d6a56ee2ebd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:005
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : subversion
Date : January 5, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated subversion packages fix security vulnerabilities:

A NULL pointer dereference flaw was found in the way mod_dav_svn
handled REPORT requests. A remote, unauthenticated attacker could
use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580).

A NULL pointer dereference flaw was found in the way mod_dav_svn
handled URIs for virtual transaction names. A remote, unauthenticated
attacker could send a request for a virtual transaction name that
does not exist, causing mod_dav_svn to crash (CVE-2014-8108).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108
http://advisories.mageia.org/MGASA-2014-0545.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
1f354ed65a056a0b70d9d2be13b02979 mbs1/x86_64/apache-mod_dav_svn-1.7.19-1.mbs1.x86_64.rpm
3ae0fad77ef662db9cc15593e6b3e16c mbs1/x86_64/lib64svn0-1.7.19-1.mbs1.x86_64.rpm
086f52b7c9c2613a9dfdc2edd6456b87 mbs1/x86_64/lib64svn-gnome-keyring0-1.7.19-1.mbs1.x86_64.rpm
08502b3288cb52bbdcad5e1de62d7da1 mbs1/x86_64/lib64svnjavahl1-1.7.19-1.mbs1.x86_64.rpm
1b9e41016558998ccbf885a9d903efb9 mbs1/x86_64/perl-SVN-1.7.19-1.mbs1.x86_64.rpm
24e7f603b2d9fa85e74688410a653cd9 mbs1/x86_64/perl-svn-devel-1.7.19-1.mbs1.x86_64.rpm
ab734f1e83a67fc462ad73c1dd997782 mbs1/x86_64/python-svn-1.7.19-1.mbs1.x86_64.rpm
1fa42a41ed0d14e925e22ebaae5e4588 mbs1/x86_64/python-svn-devel-1.7.19-1.mbs1.x86_64.rpm
3a9e6f623b9d56c101105bebb94482f0 mbs1/x86_64/ruby-svn-1.7.19-1.mbs1.x86_64.rpm
3226dac8aba329eb3ce55da46f876ba2 mbs1/x86_64/ruby-svn-devel-1.7.19-1.mbs1.x86_64.rpm
4bedf492fa0684cdb22594e26994511f mbs1/x86_64/subversion-1.7.19-1.mbs1.x86_64.rpm
93e03dc4a459ce77bc7f9a597ecdd0e3 mbs1/x86_64/subversion-devel-1.7.19-1.mbs1.x86_64.rpm
2f9467b156e9a560d06873eb0add5859 mbs1/x86_64/subversion-doc-1.7.19-1.mbs1.x86_64.rpm
cb884252dd565d2df29645d7ab784728 mbs1/x86_64/subversion-gnome-keyring-devel-1.7.19-1.mbs1.x86_64.rpm
d23255839ec971356cdcf831ee592374 mbs1/x86_64/subversion-server-1.7.19-1.mbs1.x86_64.rpm
574b474f2eb518e0326f8975c354f19a mbs1/x86_64/subversion-tools-1.7.19-1.mbs1.x86_64.rpm
a4002b39cd679324b1b3274db3c41511 mbs1/x86_64/svn-javahl-1.7.19-1.mbs1.x86_64.rpm
64428cd0f639f7ec9dd033c04823f083 mbs1/SRPMS/subversion-1.7.19-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUqoNCmqjQ0CJFipgRAqwFAKCUALR1yu7OcAY6tP4LrYCdhQMJDACg7FG5
zlOOLTc8tjEXNuj5PnqflP0=
=huIz
-----END PGP SIGNATURE-----
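
The advisory says MandrivaUpdate and urpmi check the md5 checksums automatically. For packages fetched by hand, the sketch below parses the "Updated Packages" lines (md5, then repository path) and checks files in a local directory against them. It is an added example, not Mandriva tooling; the function names, the download directory and the sample package names are assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Manifest line as printed in the advisory: 32 hex chars (MD5), whitespace,
# then a repository path ending in .rpm
MANIFEST_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(advisory_text):
    """Return {rpm basename: expected md5} from the 'Updated Packages' section."""
    expected = {}
    for line in advisory_text.splitlines():
        m = MANIFEST_LINE.match(line.strip())
        if m:
            expected[m.group(2).rsplit("/", 1)[-1]] = m.group(1)
    return expected

def md5_of(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def verify_downloads(advisory_text, download_dir):
    """Classify each listed package as 'ok', 'mismatch' or 'missing'."""
    # MD5 is not collision-resistant: treat a match as a transfer-integrity
    # check and rely on the package GPG signature for authenticity.
    results = {}
    for name, want in parse_manifest(advisory_text).items():
        path = Path(download_dir) / name
        if not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(path) == want else "mismatch"
    return results

def demo():
    """Constructed sample: two fake packages, one altered after being listed."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = Path(d, "example-a-1.0.rpm"), Path(d, "example-b-1.0.rpm")
        good.write_bytes(b"constructed package A")
        bad.write_bytes(b"constructed package B")
        advisory = ("Updated Packages:\n\n"
                    f"{md5_of(good)} repo/x86_64/{good.name}\n"
                    f"{md5_of(bad)} repo/x86_64/{bad.name}\n"
                    f"{'0' * 32} repo/SRPMS/example-1.0.src.rpm\n")
        bad.write_bytes(b"altered after the manifest was written")
        return verify_downloads(advisory, d)

if __name__ == "__main__":
    print(demo())
```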