Updated subversion packages fix security vulnerabilities
Publication date: 23 Dec 2014Modification date: 23 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-3580 , CVE-2014-8108
Description
A NULL pointer dereference flaw was found in the way mod_dav_svn handled
REPORT requests. A remote, unauthenticated attacker could use a crafted
REPORT request to crash mod_dav_svn (CVE-2014-3580).
A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs
for virtual transaction names. A remote, unauthenticated attacker could send
a request for a virtual transaction name that does not exist, causing
mod_dav_svn to crash (CVE-2014-8108).
References
- https://bugs.mageia.org/show_bug.cgi?id=14826
- http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
- http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=1174054
- https://bugzilla.redhat.com/show_bug.cgi?id=1174057
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108
SRPMS
4/core
- subversion-1.8.11-1.mga4