lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1WN1M4-0001SX-V6@titan.mandriva.com>
Date: Mon, 10 Mar 2014 15:39:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:049 ] subversion

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:049
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : subversion
 Date    : March 10, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in subversion:
 
 The get_resource function in repos.c in the mod_dav_svn module
 in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when
 SVNListParentPath is enabled, allows remote attackers to cause a
 denial of service (crash) via vectors related to the server root
 and request methods other than GET, as demonstrated by the svn ls
 http://svn.example.com command (CVE-2014-0032).
 
 This advisory provides the latest version of subversion (1.7.16)
 which is not vulnerable to this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
 http://subversion.apache.org/security/CVE-2014-0032-advisory.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 25a0792c0644c3469694b1aed87920c4  mes5/i586/apache-mod_dav_svn-1.7.16-0.1mdvmes5.2.i586.rpm
 5c4a0db4d471323f53b1062f495cc4d7  mes5/i586/libsvn0-1.7.16-0.1mdvmes5.2.i586.rpm
 cf1185d10113c2ba5bfa5be6bc2c0c47  mes5/i586/libsvnjavahl1-1.7.16-0.1mdvmes5.2.i586.rpm
 e3cc87ab3d41b46bf520bb292c12526f  mes5/i586/perl-SVN-1.7.16-0.1mdvmes5.2.i586.rpm
 27b585a2d79689d73233463841f2bc80  mes5/i586/perl-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm
 0039001ca9d125bfb557cffcc2f5b8c5  mes5/i586/python-svn-1.7.16-0.1mdvmes5.2.i586.rpm
 4776c4ae660efbbc357c3c35fc9bd01f  mes5/i586/python-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm
 6708ceca95968af6a53b6181278f8252  mes5/i586/ruby-svn-1.7.16-0.1mdvmes5.2.i586.rpm
 261064f1e40912db8c0a863e0b907a6f  mes5/i586/ruby-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm
 a115aab61321b6fa8180c0debfc2ebe2  mes5/i586/subversion-1.7.16-0.1mdvmes5.2.i586.rpm
 942c99bfabaf203e5e10ac3ef394e63b  mes5/i586/subversion-devel-1.7.16-0.1mdvmes5.2.i586.rpm
 32096c5120feb2ea6ece0675ef24412a  mes5/i586/subversion-doc-1.7.16-0.1mdvmes5.2.i586.rpm
 35943db397129b7b6ab1ec48014356e8  mes5/i586/subversion-server-1.7.16-0.1mdvmes5.2.i586.rpm
 377718f8801578a0a02afd21daa9d96d  mes5/i586/subversion-tools-1.7.16-0.1mdvmes5.2.i586.rpm
 be6f8cc3ef11f7219f6a07824795ed41  mes5/i586/svn-javahl-1.7.16-0.1mdvmes5.2.i586.rpm 
 f9511b3a764f7f5c0297b5c6478a05d5  mes5/SRPMS/subversion-1.7.16-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 fe630b13878ebd2eef2301836d42a833  mes5/x86_64/apache-mod_dav_svn-1.7.16-0.1mdvmes5.2.x86_64.rpm
 34ea50c0238c1a71a0fb518ae81441a6  mes5/x86_64/lib64svn0-1.7.16-0.1mdvmes5.2.x86_64.rpm
 a18979e9ea94488d2862e725b91ac995  mes5/x86_64/lib64svnjavahl1-1.7.16-0.1mdvmes5.2.x86_64.rpm
 d186d26bf20b5b9cd6b6727f794b0747  mes5/x86_64/perl-SVN-1.7.16-0.1mdvmes5.2.x86_64.rpm
 ba6923c0cb1f53ac8c96b682df7e5711  mes5/x86_64/perl-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm
 18ef94dc37d3f7c4b161fdb71cb1900e  mes5/x86_64/python-svn-1.7.16-0.1mdvmes5.2.x86_64.rpm
 e0615817d08e9bdc3151d8de7b6f88da  mes5/x86_64/python-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm
 8f3f546f4b57e2e6fe2d951e02eafde1  mes5/x86_64/ruby-svn-1.7.16-0.1mdvmes5.2.x86_64.rpm
 0dd7b95e42ebe58bc5a3a368142f7de6  mes5/x86_64/ruby-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm
 da5acbb29a65970a911fdfd44e39e9d6  mes5/x86_64/subversion-1.7.16-0.1mdvmes5.2.x86_64.rpm
 e4ccfd66a649b933ecc7bfd1fdba686d  mes5/x86_64/subversion-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm
 074511092d7547f4c01f7820c4a00cab  mes5/x86_64/subversion-doc-1.7.16-0.1mdvmes5.2.x86_64.rpm
 2cada523fcd8673de0fb2f99de60dad6  mes5/x86_64/subversion-server-1.7.16-0.1mdvmes5.2.x86_64.rpm
 0f435f9026b9460c5be686a4d8218350  mes5/x86_64/subversion-tools-1.7.16-0.1mdvmes5.2.x86_64.rpm
 933d8dfd42cdd71c6d43b7bec209a5e7  mes5/x86_64/svn-javahl-1.7.16-0.1mdvmes5.2.x86_64.rpm 
 f9511b3a764f7f5c0297b5c6478a05d5  mes5/SRPMS/subversion-1.7.16-0.1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 5095fc2f7b63d2374ba366051a873b58  mbs1/x86_64/apache-mod_dav_svn-1.7.16-0.1.mbs1.x86_64.rpm
 633a46f34b6da14ddcab055dcc7b43c6  mbs1/x86_64/lib64svn0-1.7.16-0.1.mbs1.x86_64.rpm
 1ca8f4e33ce81302d36912ed217f80b3  mbs1/x86_64/lib64svn-gnome-keyring0-1.7.16-0.1.mbs1.x86_64.rpm
 f70f985409153583212517dbada5ab0b  mbs1/x86_64/lib64svnjavahl1-1.7.16-0.1.mbs1.x86_64.rpm
 ed488e73c53881ada31cba91eab5b086  mbs1/x86_64/perl-SVN-1.7.16-0.1.mbs1.x86_64.rpm
 ed510f571e41eb525e342ec597d1cfbe  mbs1/x86_64/perl-svn-devel-1.7.16-0.1.mbs1.x86_64.rpm
 6d4359f416b2a54ea9bb54275bc9cff2  mbs1/x86_64/python-svn-1.7.16-0.1.mbs1.x86_64.rpm
 406091c32bc4423da6afccf201e27ffb  mbs1/x86_64/python-svn-devel-1.7.16-0.1.mbs1.x86_64.rpm
 6ccff4806cb52a1694387c97c9b9e016  mbs1/x86_64/ruby-svn-1.7.16-0.1.mbs1.x86_64.rpm
 e5d7242d92ca6ea497a308f7b34fe207  mbs1/x86_64/ruby-svn-devel-1.7.16-0.1.mbs1.x86_64.rpm
 edb6502354863c56f29e7e65d75a21df  mbs1/x86_64/subversion-1.7.16-0.1.mbs1.x86_64.rpm
 71f817eda62ba04e639137541f85a7a1  mbs1/x86_64/subversion-devel-1.7.16-0.1.mbs1.x86_64.rpm
 1daf40a5cb7aff387e9cd52eaf5cec1a  mbs1/x86_64/subversion-doc-1.7.16-0.1.mbs1.x86_64.rpm
 da9f368e0f57688ad2727cf8f38650bb  mbs1/x86_64/subversion-gnome-keyring-devel-1.7.16-0.1.mbs1.x86_64.rpm
 2e96f1e645fe8ee6b398161e1cf1bd8a  mbs1/x86_64/subversion-server-1.7.16-0.1.mbs1.x86_64.rpm
 aef744152ee3c6f2298dca3ce64a3365  mbs1/x86_64/subversion-tools-1.7.16-0.1.mbs1.x86_64.rpm
 9e3a148929cbbcdaeffdc74f5082abf8  mbs1/x86_64/svn-javahl-1.7.16-0.1.mbs1.x86_64.rpm 
 b480b905c3a423649991f29d8853a006  mbs1/SRPMS/subversion-1.7.16-0.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTHaKgmqjQ0CJFipgRAnvPAJ9MZ1sKSMshIi2uRtzVu63Jgpa1vACgosTF
HKgtP0IPcxhUN9djE9HZwsk=
=EunO
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ