-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:006 http://www.mandriva.com/security/ _______________________________________________________________________ Package : subversion Date : January 14, 2011 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in subversion: The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections (CVE-2010-4539). Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command (CVE-2010-4644). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been upgraded to the latest versions (1.5.9, 1.6.15) which is not affected by these issues and in turn contains many bugfixes as well. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4539 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4644 http://svn.apache.org/repos/asf/subversion/tags/1.5.9/CHANGES http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 7a21abe39672c92b26412f3194d9c6ed 2009.0/i586/apache-mod_dav_svn-1.5.9-0.1mdv2009.0.i586.rpm 88d9f13a4796fb8f6844ea62ebd5bd20 2009.0/i586/apache-mod_dontdothat-1.5.9-0.1mdv2009.0.i586.rpm 2612018face6868daea8ab73c095a94a 2009.0/i586/libsvn0-1.5.9-0.1mdv2009.0.i586.rpm d29c73930affdac3dd077d2c4376a077 2009.0/i586/libsvnjavahl0-1.5.9-0.1mdv2009.0.i586.rpm 9441d2fa1377b1ee460da526a6af69d3 2009.0/i586/perl-SVN-1.5.9-0.1mdv2009.0.i586.rpm d928aa58e55b57feb8d12ce39e481caa 2009.0/i586/python-svn-1.5.9-0.1mdv2009.0.i586.rpm cc162406e599ed9975e476cac07b8865 2009.0/i586/ruby-svn-1.5.9-0.1mdv2009.0.i586.rpm cb405f4288955c82eeddda9713da6388 2009.0/i586/subversion-1.5.9-0.1mdv2009.0.i586.rpm 4085cc298f5a5744454eb7c1f9b3686b 2009.0/i586/subversion-devel-1.5.9-0.1mdv2009.0.i586.rpm 107a4e0f87c447a01f70cb9ed10283de 2009.0/i586/subversion-doc-1.5.9-0.1mdv2009.0.i586.rpm 435eb48eed3a4ee29f46dcb3c314cd12 2009.0/i586/subversion-server-1.5.9-0.1mdv2009.0.i586.rpm 16486815c3c4d6bceb0744dce94d5fd2 2009.0/i586/subversion-tools-1.5.9-0.1mdv2009.0.i586.rpm 2e5e0f4921c386b4033c4e102c71c2f9 2009.0/i586/svn-javahl-1.5.9-0.1mdv2009.0.i586.rpm 12120682cdf620fd0d480fb266c3e7f2 2009.0/SRPMS/subversion-1.5.9-0.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: d7a136acd449844ea429c0b5ad75326e 2009.0/x86_64/apache-mod_dav_svn-1.5.9-0.1mdv2009.0.x86_64.rpm 85ae467d73ebe355aa2d18e27e262fe7 2009.0/x86_64/apache-mod_dontdothat-1.5.9-0.1mdv2009.0.x86_64.rpm 96d8e72a8b499ef5551f6156de0f0eb6 2009.0/x86_64/lib64svn0-1.5.9-0.1mdv2009.0.x86_64.rpm 46784e6046d8d2a0c970f8c2901a59d6 2009.0/x86_64/lib64svnjavahl0-1.5.9-0.1mdv2009.0.x86_64.rpm 906689050f8308cd4ead89dae25792cb 2009.0/x86_64/perl-SVN-1.5.9-0.1mdv2009.0.x86_64.rpm d0bb679d6ffa4bf4263f7418b7a3a893 2009.0/x86_64/python-svn-1.5.9-0.1mdv2009.0.x86_64.rpm 1b51eab2eec5ca7ac47adf6d1f2a059b 2009.0/x86_64/ruby-svn-1.5.9-0.1mdv2009.0.x86_64.rpm 44276822239dd81c7f88e68e9c176867 2009.0/x86_64/subversion-1.5.9-0.1mdv2009.0.x86_64.rpm 86834e8f254935f6deda9060f582f3b2 2009.0/x86_64/subversion-devel-1.5.9-0.1mdv2009.0.x86_64.rpm 94e60bad3305f0f4835258623c52f9c6 2009.0/x86_64/subversion-doc-1.5.9-0.1mdv2009.0.x86_64.rpm 3d5aea7bb0c80f1118cdc5acdc1122c7 2009.0/x86_64/subversion-server-1.5.9-0.1mdv2009.0.x86_64.rpm 4d8ef22cf96004e1f00e6f93a9f483fa 2009.0/x86_64/subversion-tools-1.5.9-0.1mdv2009.0.x86_64.rpm fcf2fc1c15d17b3d34e3b11beba0b7a4 2009.0/x86_64/svn-javahl-1.5.9-0.1mdv2009.0.x86_64.rpm 12120682cdf620fd0d480fb266c3e7f2 2009.0/SRPMS/subversion-1.5.9-0.1mdv2009.0.src.rpm Mandriva Linux 2010.0: 9ce13f0b3cfc3970576c4b95325347ca 2010.0/i586/apache-mod_dav_svn-1.6.15-0.1mdv2010.0.i586.rpm 49b626048b87824851c24bae3d6d85d4 2010.0/i586/apache-mod_dontdothat-1.6.15-0.1mdv2010.0.i586.rpm 7e605d5dd258ec3b4c3219d650ba3584 2010.0/i586/libsvn0-1.6.15-0.1mdv2010.0.i586.rpm bc1427f46567b23065061551e32c9884 2010.0/i586/libsvnjavahl1-1.6.15-0.1mdv2010.0.i586.rpm 4397c2a2670bfe9d64c2b19c48cf4b1c 2010.0/i586/perl-SVN-1.6.15-0.1mdv2010.0.i586.rpm 36ede5f9b311e0b555158848e3ae6b77 2010.0/i586/python-svn-1.6.15-0.1mdv2010.0.i586.rpm bfb5c1ce016f5cc9276a59eb2193efb0 2010.0/i586/ruby-svn-1.6.15-0.1mdv2010.0.i586.rpm b88dbfd8558a44d51336fb69dac97ffc 2010.0/i586/subversion-1.6.15-0.1mdv2010.0.i586.rpm be9bea3f9e80d9b889f324d5c41798f9 2010.0/i586/subversion-devel-1.6.15-0.1mdv2010.0.i586.rpm cc6df71b52ea803c8f6ca0e7dadc30c0 2010.0/i586/subversion-doc-1.6.15-0.1mdv2010.0.i586.rpm d1361618ec7f94b94ca3dba8f121d947 2010.0/i586/subversion-server-1.6.15-0.1mdv2010.0.i586.rpm baa2b15c5c5639c9af1990a08526d243 2010.0/i586/subversion-tools-1.6.15-0.1mdv2010.0.i586.rpm 0f875b126737242f2a2cc83e5700ad29 2010.0/i586/svn-javahl-1.6.15-0.1mdv2010.0.i586.rpm abc5d49701eefadb1bcd5da8e55e44f0 2010.0/SRPMS/subversion-1.6.15-0.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 3d5bb65838d6a3f9e761affd7e0d08e0 2010.0/x86_64/apache-mod_dav_svn-1.6.15-0.1mdv2010.0.x86_64.rpm 8d11e114439e373ffa0f2c64dd0be9d2 2010.0/x86_64/apache-mod_dontdothat-1.6.15-0.1mdv2010.0.x86_64.rpm 3dd0674c3bd2bcb28ea062a81947002c 2010.0/x86_64/lib64svn0-1.6.15-0.1mdv2010.0.x86_64.rpm c187178c9b1a8fd3b8c7682a8bd8d7d7 2010.0/x86_64/lib64svnjavahl1-1.6.15-0.1mdv2010.0.x86_64.rpm c64c780b75d12bcbe9fa545048e8e23e 2010.0/x86_64/perl-SVN-1.6.15-0.1mdv2010.0.x86_64.rpm beb3af8cd75fa3863e1a4cccd3da21d0 2010.0/x86_64/python-svn-1.6.15-0.1mdv2010.0.x86_64.rpm 4478f77f42d3da219ea0f0313c7d7715 2010.0/x86_64/ruby-svn-1.6.15-0.1mdv2010.0.x86_64.rpm 5e72c7c914fe517904a4c830857ea796 2010.0/x86_64/subversion-1.6.15-0.1mdv2010.0.x86_64.rpm 30dbee2f306b8433e5e7a3f86707e825 2010.0/x86_64/subversion-devel-1.6.15-0.1mdv2010.0.x86_64.rpm 7bd341afd9291bf551af9384f210701b 2010.0/x86_64/subversion-doc-1.6.15-0.1mdv2010.0.x86_64.rpm 7448817aa3d256f222ca62f84805ed65 2010.0/x86_64/subversion-server-1.6.15-0.1mdv2010.0.x86_64.rpm a21a4099430c3e5ef7347d92b376da63 2010.0/x86_64/subversion-tools-1.6.15-0.1mdv2010.0.x86_64.rpm d8e463e8860bd378fc26a99bd293c288 2010.0/x86_64/svn-javahl-1.6.15-0.1mdv2010.0.x86_64.rpm abc5d49701eefadb1bcd5da8e55e44f0 2010.0/SRPMS/subversion-1.6.15-0.1mdv2010.0.src.rpm Mandriva Linux 2010.1: dec5f80fbd38aa045cb4fd1be2b90eba 2010.1/i586/apache-mod_dav_svn-1.6.15-0.1mdv2010.2.i586.rpm a1fcb5b25dd0f2f186c83d2643a5a421 2010.1/i586/apache-mod_dontdothat-1.6.15-0.1mdv2010.2.i586.rpm 83adff58142abffedeff301fff719404 2010.1/i586/libsvn0-1.6.15-0.1mdv2010.2.i586.rpm 7e01bae50f2ff7d4f8818fdac621c50d 2010.1/i586/libsvn-gnome-keyring0-1.6.15-0.1mdv2010.2.i586.rpm ed1ce5cdd387ad6b20acdcd99d1a7961 2010.1/i586/libsvnjavahl1-1.6.15-0.1mdv2010.2.i586.rpm 998cf950719e3a0e777337ebc40102f9 2010.1/i586/libsvn-kwallet0-1.6.15-0.1mdv2010.2.i586.rpm a69224b4c28c61015b7d21496b80d33a 2010.1/i586/perl-SVN-1.6.15-0.1mdv2010.2.i586.rpm 49b3c19b85b37d81ceef569b2e43d16d 2010.1/i586/python-svn-1.6.15-0.1mdv2010.2.i586.rpm d92ce83e9d7e01b1cbaba9d738ca4e6f 2010.1/i586/ruby-svn-1.6.15-0.1mdv2010.2.i586.rpm 166ff100673fcf341b5e585997e1a700 2010.1/i586/subversion-1.6.15-0.1mdv2010.2.i586.rpm a89fa806360ad34725768bb4df4daf34 2010.1/i586/subversion-devel-1.6.15-0.1mdv2010.2.i586.rpm 2cbc034899541e955af9992071f034e0 2010.1/i586/subversion-doc-1.6.15-0.1mdv2010.2.i586.rpm f9655b2f2a6c46a0d5ba11612e812509 2010.1/i586/subversion-server-1.6.15-0.1mdv2010.2.i586.rpm 4779985d0806ab357db6e18cf28ec066 2010.1/i586/subversion-tools-1.6.15-0.1mdv2010.2.i586.rpm 4c10038330a799797c7b15853917afc4 2010.1/i586/svn-javahl-1.6.15-0.1mdv2010.2.i586.rpm 87c317d227246d3fa6b1d4e6a190bf68 2010.1/SRPMS/subversion-1.6.15-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 03eb4b91fcdf875e337bed37864c7868 2010.1/x86_64/apache-mod_dav_svn-1.6.15-0.1mdv2010.2.x86_64.rpm a1a3d1a4e31cb70b21efeb94d87543b8 2010.1/x86_64/apache-mod_dontdothat-1.6.15-0.1mdv2010.2.x86_64.rpm 3631948b49958ef80f8bd33bb752e744 2010.1/x86_64/lib64svn0-1.6.15-0.1mdv2010.2.x86_64.rpm 5717b0f23a1555e853cbe17225dab33a 2010.1/x86_64/lib64svn-gnome-keyring0-1.6.15-0.1mdv2010.2.x86_64.rpm 6a96b30aca81da636cf8037081c30a88 2010.1/x86_64/lib64svnjavahl1-1.6.15-0.1mdv2010.2.x86_64.rpm 4c24e4c040aeb0387d19860389c5a55e 2010.1/x86_64/lib64svn-kwallet0-1.6.15-0.1mdv2010.2.x86_64.rpm b1b39710af773bf35bdf857b7e2b2864 2010.1/x86_64/perl-SVN-1.6.15-0.1mdv2010.2.x86_64.rpm 8d291663278076a00ee568f45b690453 2010.1/x86_64/python-svn-1.6.15-0.1mdv2010.2.x86_64.rpm afd7024cd10cd5561d33ff5c4327de03 2010.1/x86_64/ruby-svn-1.6.15-0.1mdv2010.2.x86_64.rpm 5af5bf75ca0fa36c654caa163cca6b4a 2010.1/x86_64/subversion-1.6.15-0.1mdv2010.2.x86_64.rpm 65745b82fe751ef8bf3b998c191375af 2010.1/x86_64/subversion-devel-1.6.15-0.1mdv2010.2.x86_64.rpm 0da10e400f9f6bf0de1387f20e134246 2010.1/x86_64/subversion-doc-1.6.15-0.1mdv2010.2.x86_64.rpm 35eca9506902873eea3115a2db70b782 2010.1/x86_64/subversion-server-1.6.15-0.1mdv2010.2.x86_64.rpm 85be106ec54a956213b5cf852af1e58f 2010.1/x86_64/subversion-tools-1.6.15-0.1mdv2010.2.x86_64.rpm d59b917ac393a9ff4d7bf174fd4aa208 2010.1/x86_64/svn-javahl-1.6.15-0.1mdv2010.2.x86_64.rpm 87c317d227246d3fa6b1d4e6a190bf68 2010.1/SRPMS/subversion-1.6.15-0.1mdv2010.2.src.rpm Corporate 4.0: 8d2a19115be8823e248781274d75b3b1 corporate/4.0/i586/apache-mod_dav_svn-1.5.9-0.1.20060mlcs4.i586.rpm 1ed28041d41a5338921600ce7bfc3615 corporate/4.0/i586/apache-mod_dontdothat-1.5.9-0.1.20060mlcs4.i586.rpm 2037e925a9441e7728da60fcced77a27 corporate/4.0/i586/libsvn0-1.5.9-0.1.20060mlcs4.i586.rpm b36d906936f99dc04feb3631d833cf00 corporate/4.0/i586/perl-SVN-1.5.9-0.1.20060mlcs4.i586.rpm 95f4238864604d37ef5b87d0bb596148 corporate/4.0/i586/python-svn-1.5.9-0.1.20060mlcs4.i586.rpm 117fe8ec98de938598452207efbf9fda corporate/4.0/i586/subversion-1.5.9-0.1.20060mlcs4.i586.rpm c9a57efb99a653d384d54c68dce2f31a corporate/4.0/i586/subversion-devel-1.5.9-0.1.20060mlcs4.i586.rpm 74d8a9983f589f7635aa945fa25d91db corporate/4.0/i586/subversion-doc-1.5.9-0.1.20060mlcs4.i586.rpm 0f70b51a0f89aa939a11e2f841dee673 corporate/4.0/i586/subversion-server-1.5.9-0.1.20060mlcs4.i586.rpm f75a4d15d19709b807ce80b1ad3818e3 corporate/4.0/i586/subversion-tools-1.5.9-0.1.20060mlcs4.i586.rpm 0f1f3c4ef39d08eebfa9f64a44fb8430 corporate/4.0/SRPMS/subversion-1.5.9-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: ca039496647c64f860fe1e00aca44a5c corporate/4.0/x86_64/apache-mod_dav_svn-1.5.9-0.1.20060mlcs4.x86_64.rpm 10084212c7ff6b014f96077c55526723 corporate/4.0/x86_64/apache-mod_dontdothat-1.5.9-0.1.20060mlcs4.x86_64.rpm 1df7b077de771bff61dda880fc695af6 corporate/4.0/x86_64/lib64svn0-1.5.9-0.1.20060mlcs4.x86_64.rpm 0e82b7d932e1a8167808e388d34f791a corporate/4.0/x86_64/perl-SVN-1.5.9-0.1.20060mlcs4.x86_64.rpm 1b0a60dd681476cfc01a4cf210c32aca corporate/4.0/x86_64/python-svn-1.5.9-0.1.20060mlcs4.x86_64.rpm f0146f8282a63d10541b33051a867ae8 corporate/4.0/x86_64/subversion-1.5.9-0.1.20060mlcs4.x86_64.rpm 9ad1915a11b53eee99882425c541d09f corporate/4.0/x86_64/subversion-devel-1.5.9-0.1.20060mlcs4.x86_64.rpm f8eda6c300e58a4dbdf7591eb9e2f11e corporate/4.0/x86_64/subversion-doc-1.5.9-0.1.20060mlcs4.x86_64.rpm 431c6c3244a7fcf5d13fa6bba0819578 corporate/4.0/x86_64/subversion-server-1.5.9-0.1.20060mlcs4.x86_64.rpm 4beb7b504c3967accfc9c1eb6fb404d8 corporate/4.0/x86_64/subversion-tools-1.5.9-0.1.20060mlcs4.x86_64.rpm 0f1f3c4ef39d08eebfa9f64a44fb8430 corporate/4.0/SRPMS/subversion-1.5.9-0.1.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 7837b3a4791587e8c14ba2dae700207e mes5/i586/apache-mod_dav_svn-1.5.9-0.1mdvmes5.1.i586.rpm c192fa218ecd630de6f7498c190f38d5 mes5/i586/apache-mod_dontdothat-1.5.9-0.1mdvmes5.1.i586.rpm 9d7cf69454418a603cdd4fc587854f77 mes5/i586/libsvn0-1.5.9-0.1mdvmes5.1.i586.rpm cffd8299ccf9d2023e8f18fbe6944842 mes5/i586/libsvnjavahl0-1.5.9-0.1mdvmes5.1.i586.rpm bd2daa779a85daee9dcd12f9db4e4031 mes5/i586/perl-SVN-1.5.9-0.1mdvmes5.1.i586.rpm a2eead888b2eee6909f4d06692c239f4 mes5/i586/python-svn-1.5.9-0.1mdvmes5.1.i586.rpm c588d994f22c4b7c8540ddeec6373200 mes5/i586/ruby-svn-1.5.9-0.1mdvmes5.1.i586.rpm 2764276a059683df14352157c39b5069 mes5/i586/subversion-1.5.9-0.1mdvmes5.1.i586.rpm 9c0f465b023769ac65321a8ebccedf79 mes5/i586/subversion-devel-1.5.9-0.1mdvmes5.1.i586.rpm d0136103d43b353ca80b5756a787b54d mes5/i586/subversion-doc-1.5.9-0.1mdvmes5.1.i586.rpm 4b98c0cfaeb9434dc8b50b3ceed1a67f mes5/i586/subversion-server-1.5.9-0.1mdvmes5.1.i586.rpm 971c676111ca2de221592eacfc380c13 mes5/i586/subversion-tools-1.5.9-0.1mdvmes5.1.i586.rpm 3b84f238fed19a6903b00aafa915ce46 mes5/i586/svn-javahl-1.5.9-0.1mdvmes5.1.i586.rpm 1d3fed3472ebde32e7d28f6163882121 mes5/SRPMS/subversion-1.5.9-0.1mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: e70ade9cabb1516102bf31d5b445ce68 mes5/x86_64/apache-mod_dav_svn-1.5.9-0.1mdvmes5.1.x86_64.rpm f93218c1805aeba0b3ea1ad5c7781edc mes5/x86_64/apache-mod_dontdothat-1.5.9-0.1mdvmes5.1.x86_64.rpm 100d3c8d9d3233794c069214284adad7 mes5/x86_64/lib64svn0-1.5.9-0.1mdvmes5.1.x86_64.rpm 1fd063baf103593d07396f7f813ba1ca mes5/x86_64/lib64svnjavahl0-1.5.9-0.1mdvmes5.1.x86_64.rpm e513397cf9f57a998fef93c18f8b1c70 mes5/x86_64/perl-SVN-1.5.9-0.1mdvmes5.1.x86_64.rpm 079208d3a916cb82e265017fe0d8d0fa mes5/x86_64/python-svn-1.5.9-0.1mdvmes5.1.x86_64.rpm 037382a319e5b9dc8eeb96930605c903 mes5/x86_64/ruby-svn-1.5.9-0.1mdvmes5.1.x86_64.rpm e1ee4bee55ff9b45b71321168b3708c1 mes5/x86_64/subversion-1.5.9-0.1mdvmes5.1.x86_64.rpm eceee9441fb6a042162bd31d0ad5b61f mes5/x86_64/subversion-devel-1.5.9-0.1mdvmes5.1.x86_64.rpm 7fca4a0c543e1a78359a21e41326a30d mes5/x86_64/subversion-doc-1.5.9-0.1mdvmes5.1.x86_64.rpm d522020b6bf337f4f91577d223c2df0e mes5/x86_64/subversion-server-1.5.9-0.1mdvmes5.1.x86_64.rpm 2e46e9c51ba24b6dddc19bb8a9c43bf7 mes5/x86_64/subversion-tools-1.5.9-0.1mdvmes5.1.x86_64.rpm 699f68f6303db0104e2841ade7388f68 mes5/x86_64/svn-javahl-1.5.9-0.1mdvmes5.1.x86_64.rpm 1d3fed3472ebde32e7d28f6163882121 mes5/SRPMS/subversion-1.5.9-0.1mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNMCXxmqjQ0CJFipgRAj6fAJ93P2E0ZwS/Xu0HEgQp0AH5t2HFfgCdEOyQ gkhTTXZIVuNisPBYGG9BQsY= =UUY3 -----END PGP SIGNATURE-----