Advisories » MGASA-2015-0490

Updated subversion packages fix security vulnerabilities

Publication date: 28 Dec 2015
Type: security
Affected Mageia releases: 5
CVE: CVE-2015-5343


Updated subversion packages fix security vulnerability:

Subversion's httpd servers are vulnerable to a remotely triggerable heap-based
buffer overflow and out-of-bounds read caused by an integer overflow when
parsing skel-encoded request bodies (CVE-2015-5343).

This allows remote attackers with write access to a repository to cause a
denial of service or possibly execute arbitrary code under the context of the
httpd process.  32-bit server versions are vulnerable to both the
denial-of-service attack and possible arbitrary code execution.  64-bit server
versions are only vulnerable to the denial-of-service attack.
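
The class of check that stops a length-field integer overflow in a parser of this kind, as an added illustration (not Subversion's code and not the upstream patch). It assumes the explicit-length atom form of skel encoding (a decimal byte count, one whitespace byte, then that many bytes); the function name is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper (not Subversion's API): parse one explicit-length
 * atom "<decimal len><whitespace><len bytes>" from buf[0..buf_len).
 * On success returns 0 and sets *data / *data_len to the payload.
 * Returns -1 on malformed input, on a length that would overflow
 * size_t, or on a length that runs past the end of the buffer. */
int parse_explicit_atom(const char *buf, size_t buf_len,
                        const char **data, size_t *data_len)
{
    size_t i = 0, len = 0;

    if (buf_len == 0 || buf[0] < '0' || buf[0] > '9')
        return -1;                      /* must start with a digit */

    while (i < buf_len && buf[i] >= '0' && buf[i] <= '9') {
        size_t digit = (size_t)(buf[i] - '0');
        /* Reject before len * 10 + digit can wrap past SIZE_MAX.
         * Without this, a huge count wraps to a small one on
         * platforms with a 32-bit size_t. */
        if (len > (SIZE_MAX - digit) / 10)
            return -1;
        len = len * 10 + digit;
        i++;
    }

    if (i == buf_len || (buf[i] != ' ' && buf[i] != '\n'))
        return -1;                      /* separator missing */
    i++;

    /* Compare against the bytes that remain; never compute i + len,
     * because that sum could itself wrap. */
    if (len > buf_len - i)
        return -1;

    *data = buf + i;
    *data_len = len;
    return 0;
}
```

The caller passes the number of bytes actually received as buf_len, so a declared length is only trusted once it has been checked against data already in hand.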