Advisories ยป MGASA-2014-0104

Updated subversion packages fix CVE-2014-0032

Publication date: 27 Feb 2014
Modification date: 27 Feb 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-0032

Description

Updated subversion packages fix security vulnerability:

The mod_dav_svn module in Apache Subversion before 1.8.8, when
SVNListParentPath is enabled, allows remote attackers to cause a denial
of service (crash) via an OPTIONS request (CVE-2014-0032).

The package has been patched to correct this issue.

Additionally, the svnserve service was using the incorrect root directory
for the repositories.  This has also been corrected.  The root directory is
now defined in the /etc/sysconfig/svnserve file.
                

References

SRPMS

3/core