Message-Id: <E1UnBma-0003kw-N1@titan.mandriva.com>
Date: Thu, 13 Jun 2013 19:58:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:173 ] subversion

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:173
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : subversion
 Date    : June 13, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in subversion:
 
 If a filename which contains a newline character (ASCII 0x0a)
 is committed to a repository using the FSFS format, the resulting
 revision is corrupt. This can lead to disruption for users of the
 repository (CVE-2013-1968).
 
 Subversion's svnserve server process may exit when an incoming TCP
 connection is closed early in the connection process. This can lead
 to disruption for users of the server (CVE-2013-2112).
 
 This advisory provides the latest versions of subversion
 (1.6.23/1.7.10), which are not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112
 http://subversion.apache.org/security/CVE-2013-1968-advisory.txt
 http://subversion.apache.org/security/CVE-2013-2112-advisory.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 131a0451a20a116151def1bb4240b102  mes5/i586/apache-mod_dav_svn-1.6.23-0.1mdvmes5.2.i586.rpm
 eee20686ffae03646f8c849e33f44360  mes5/i586/apache-mod_dontdothat-1.6.23-0.1mdvmes5.2.i586.rpm
 8440bcd1e593f325728ea6bd0a21f80d  mes5/i586/libsvn0-1.6.23-0.1mdvmes5.2.i586.rpm
 607748fe61df7f35d52bc82ec03c9a67  mes5/i586/libsvnjavahl1-1.6.23-0.1mdvmes5.2.i586.rpm
 e6913bb295f8810d632dc699888a7e6a  mes5/i586/perl-SVN-1.6.23-0.1mdvmes5.2.i586.rpm
 ee552c9ebb20a8384a25dae7bbbb0816  mes5/i586/python-svn-1.6.23-0.1mdvmes5.2.i586.rpm
 05961e48fc20f5303e9d49f4d6f715e5  mes5/i586/ruby-svn-1.6.23-0.1mdvmes5.2.i586.rpm
 54dcdd8dcb2f953c511abeb4a19173f6  mes5/i586/subversion-1.6.23-0.1mdvmes5.2.i586.rpm
 bfac1c0ea2758ce3e2b21ebfba53846e  mes5/i586/subversion-devel-1.6.23-0.1mdvmes5.2.i586.rpm
 f8568714332798f5488eb3da460e6dd9  mes5/i586/subversion-doc-1.6.23-0.1mdvmes5.2.i586.rpm
 8ea846e80917df50536fece8bd792cea  mes5/i586/subversion-server-1.6.23-0.1mdvmes5.2.i586.rpm
 5f934c5019a060f3a55529e5dafd331e  mes5/i586/subversion-tools-1.6.23-0.1mdvmes5.2.i586.rpm
 0c6f70281c91a449cc2a84c1d555f72f  mes5/i586/svn-javahl-1.6.23-0.1mdvmes5.2.i586.rpm 
 555d17a58efeced4a57efb33eadc39be  mes5/SRPMS/subversion-1.6.23-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 50c81e373fe650024014f4308546ac17  mes5/x86_64/apache-mod_dav_svn-1.6.23-0.1mdvmes5.2.x86_64.rpm
 729b85dff018808ed9ebd5a09cb46dab  mes5/x86_64/apache-mod_dontdothat-1.6.23-0.1mdvmes5.2.x86_64.rpm
 618a89de1ff48514b7d153b4375d5a0e  mes5/x86_64/lib64svn0-1.6.23-0.1mdvmes5.2.x86_64.rpm
 6755bee85225a0c029fd505e31f99e6f  mes5/x86_64/lib64svnjavahl1-1.6.23-0.1mdvmes5.2.x86_64.rpm
 4ded75c4e650788b18a937dac27548e1  mes5/x86_64/perl-SVN-1.6.23-0.1mdvmes5.2.x86_64.rpm
 2c639f9f42c15ac323d46c2c26ceb5bd  mes5/x86_64/python-svn-1.6.23-0.1mdvmes5.2.x86_64.rpm
 beb83feaf1a7a6ca8120aa86279329ab  mes5/x86_64/ruby-svn-1.6.23-0.1mdvmes5.2.x86_64.rpm
 79e5c84f4f9200b7b708f87969e4e913  mes5/x86_64/subversion-1.6.23-0.1mdvmes5.2.x86_64.rpm
 b070d1842ddae3c4b227d9396c3d48f2  mes5/x86_64/subversion-devel-1.6.23-0.1mdvmes5.2.x86_64.rpm
 13ea5d25cce79b78555127c1639f0248  mes5/x86_64/subversion-doc-1.6.23-0.1mdvmes5.2.x86_64.rpm
 9c08924dca5a913f562afc0b17d6e7b5  mes5/x86_64/subversion-server-1.6.23-0.1mdvmes5.2.x86_64.rpm
 e6df2ebf5391278cb05e633d118d7a46  mes5/x86_64/subversion-tools-1.6.23-0.1mdvmes5.2.x86_64.rpm
 352235f62cb3a585b397b67f8f8687db  mes5/x86_64/svn-javahl-1.6.23-0.1mdvmes5.2.x86_64.rpm 
 555d17a58efeced4a57efb33eadc39be  mes5/SRPMS/subversion-1.6.23-0.1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 96ce805f5926a86cfb9928ee4878adbc  mbs1/x86_64/apache-mod_dav_svn-1.7.10-0.1.mbs1.x86_64.rpm
 e01f199c914dd3d686c0875d24456945  mbs1/x86_64/lib64svn0-1.7.10-0.1.mbs1.x86_64.rpm
 6cf641e169e452b6d650f3c40858fe5c  mbs1/x86_64/lib64svn-gnome-keyring0-1.7.10-0.1.mbs1.x86_64.rpm
 772edd952aafd1965ebb4409c9d51cf6  mbs1/x86_64/lib64svnjavahl1-1.7.10-0.1.mbs1.x86_64.rpm
 fdad77e3c7d89a1935cb90dd08c74d72  mbs1/x86_64/perl-SVN-1.7.10-0.1.mbs1.x86_64.rpm
 5b4eafd8291c21f1b12f059566b846db  mbs1/x86_64/perl-svn-devel-1.7.10-0.1.mbs1.x86_64.rpm
 50f81c1a757ca4b1d2aeccce3eb2dca8  mbs1/x86_64/python-svn-1.7.10-0.1.mbs1.x86_64.rpm
 200676fbcb36e143ec01a3f6fccb3513  mbs1/x86_64/python-svn-devel-1.7.10-0.1.mbs1.x86_64.rpm
 15004b7db070ded3caff2695df6d666b  mbs1/x86_64/ruby-svn-1.7.10-0.1.mbs1.x86_64.rpm
 dbd1df365ccbdd54f257bd507d662dc9  mbs1/x86_64/ruby-svn-devel-1.7.10-0.1.mbs1.x86_64.rpm
 4218a85705e07010c6c5225c031264a0  mbs1/x86_64/subversion-1.7.10-0.1.mbs1.x86_64.rpm
 94bbd1b84ec6cd0919c347e04167a1be  mbs1/x86_64/subversion-devel-1.7.10-0.1.mbs1.x86_64.rpm
 1f398aca282bf1c5b38a31a6efdead37  mbs1/x86_64/subversion-doc-1.7.10-0.1.mbs1.x86_64.rpm
 53a64a1f5f948d9e4be6d39a1c0ec05f  mbs1/x86_64/subversion-gnome-keyring-devel-1.7.10-0.1.mbs1.x86_64.rpm
 b6cb7b09aa94fef2b6ff04a0dad3aa56  mbs1/x86_64/subversion-server-1.7.10-0.1.mbs1.x86_64.rpm
 27b5bb16fe21cd0585758c4b78751dc0  mbs1/x86_64/subversion-tools-1.7.10-0.1.mbs1.x86_64.rpm
 f6b44cd8103689e5456148d20671e630  mbs1/x86_64/svn-javahl-1.7.10-0.1.mbs1.x86_64.rpm 
 f243a17e3e149d4c961945bbeb4d880b  mbs1/SRPMS/subversion-1.7.10-0.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRudxBmqjQ0CJFipgRAhIaAKCN6Uww0VzElJ1TquZYXirDMBz9jwCeOHuV
ytl2RR3dbAHeFdfgq0wq5S0=
=pR4b
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
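
For CVE-2013-1968 above, a server that cannot take the updated packages immediately can refuse commits whose changed-path listing shows a path broken by a newline. The pre-commit hook below is an added example, not part of the Mandriva advisory or of Subversion's own code; the `/usr/bin/svnlook` location and the assumption that `svnlook changed` emits an embedded newline verbatim are assumptions.

```shell
#!/bin/sh
# Added example: pre-commit hook that rejects paths containing a newline.
# Assumptions (not from the advisory):
#   - svnlook lives at /usr/bin/svnlook (hooks run with an empty PATH)
#   - `svnlook changed` prints one line per path in the form
#     "<2 status chars><copy flag><space><path>" and prints a newline inside
#     a path verbatim, so the rest of that path appears on a line of its own
#     without the status prefix.
SVNLOOK=/usr/bin/svnlook

# Reads `svnlook changed` output on stdin.
# Returns 0 when every line is a well-formed entry, 1 otherwise.
# Heuristic only: a continuation line that itself looks like a status entry
# is not caught, so the fixed packages remain the real remedy.
check_changed_paths() {
    # grep -v selects the lines that do NOT start with a valid status prefix;
    # it exits 0 only if at least one such line exists.
    if bad=$(grep -v -E '^[ADU_][U ][+ ] .'); then
        printf 'commit rejected, malformed path entry:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Hook entry point: Subversion invokes pre-commit with REPOS-PATH and TXN-NAME.
if [ "$#" -eq 2 ]; then
    "$SVNLOOK" changed -t "$2" "$1" | check_changed_paths || exit 1
fi
```

Installed as `hooks/pre-commit` in the repository and made executable, a non-zero exit aborts the transaction and the stderr text is returned to the committing client.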
