Updated subversion packages fix CVE-2014-0032
Publication date: 27 Feb 2014Modification date: 27 Feb 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-0032
Description
Updated subversion packages fix security vulnerability:
The mod_dav_svn module in Apache Subversion before 1.8.8, when
SVNListParentPath is enabled, allows remote attackers to cause a denial
of service (crash) via an OPTIONS request (CVE-2014-0032).
The package has been patched to correct this issue.
Additionally, the svnserve service was using the incorrect root directory
for the repositories. This has also been corrected. The root directory is
now defined in the /etc/sysconfig/svnserve file.
References
- https://subversion.apache.org/security/CVE-2014-0032-advisory.txt
- https://mail-archives.apache.org/mod_mbox/subversion-dev/201402.mbox/%3C530633AC.2050507@apache.org%3E
- https://bugs.mageia.org/show_bug.cgi?id=12059
- https://bugs.mageia.org/show_bug.cgi?id=12768.mga3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
SRPMS
3/core
- subversion-1.7.14-1.1.mga3