Advisories » MGASA-2014-0105

Updated subversion packages fix CVE-2014-0032

Publication date: 27 Feb 2014
Modification date: 27 Feb 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-0032

Description

Updated subversion packages fix security vulnerability:

The mod_dav_svn module in Apache Subversion before 1.8.8, when
SVNListParentPath is enabled, allows remote attackers to cause a denial of
service (crash) via an OPTIONS request (CVE-2014-0032).

The package has been updated to version 1.8.8, which fixes this issue, as
well as several others.
                

References

• https://subversion.apache.org/security/CVE-2014-0032-advisory.txt
• https://mail-archives.apache.org/mod_mbox/subversion-dev/201402.mbox/%3C530633AC.2050507@apache.org%3E
• https://bugs.mageia.org/show_bug.cgi?id=12768.mga4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032

SRPMS

4/core

• subversion-1.8.8-1.mga4