Updated subversion packages fix security vulnerabilities
Publication date: 19 Jun 2013Modification date: 22 Jan 2022
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-1968 , CVE-2013-2112
Description
Subversion repositories with the FSFS repository data store format can be
corrupted by newline characters in filenames. A remote attacker with a
malicious client could use this flaw to disrupt the service for other users
using that repository (CVE-2013-1968).
Subversion's svnserve server process may exit when an incoming TCP connection
is closed early in the connection process. A remote attacker can cause
svnserve to exit and thus deny service to users of the server (CVE-2013-2112)
References
- https://bugs.mageia.org/show_bug.cgi?id=10479
- http://subversion.apache.org/security/CVE-2013-1968-advisory.txt
- http://subversion.apache.org/security/CVE-2013-2112-advisory.txt
- http://www.debian.org/security/2013/dsa-2703
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112
SRPMS
3/core
- subversion-1.7.10-1.1.mga3
2/core
- subversion-1.7.10-1.mga2