Mageia Advisory: MGASA-2015-0177 - Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerabilities

Publication date: 03 May 2015
Modification date: 03 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0202 , CVE-2015-0248 , CVE-2015-0251

Description

Updated subversion packages fix security vulnerabilities:

Subversion HTTP servers with FSFS repositories are vulnerable to a remotely
triggerable excessive memory use with certain REPORT requests (CVE-2015-0202).

Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable
assertion DoS vulnerability for certain requests with dynamically evaluated
revision numbers (CVE-2015-0248).

Subversion HTTP servers allow spoofing svn:author property values for new
revisions (CVE-2015-0251).

References

https://bugs.mageia.org/show_bug.cgi?id=15619
http://subversion.apache.org/security/CVE-2015-0202-advisory.txt
http://subversion.apache.org/security/CVE-2015-0248-advisory.txt
http://subversion.apache.org/security/CVE-2015-0251-advisory.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0251

SRPMS

4/core

subversion-1.8.13-1.mga4

Advisories » MGASA-2015-0177

Updated subversion packages fix security vulnerabilities

Description

References

SRPMS

4/core