subversion: security udpate
Subversion was updated to version 1.6.17 to fix several
security issues:
- CVE-2011-1752: The mod_dav_svn Apache HTTPD server
module can be crashed though when asked to deliver
baselined WebDAV resources.
- CVE-2011-1783: The mod_dav_svn Apache HTTPD server module
can trigger a loop which consumes all available memory on
the system.
- CVE-2011-1921: The mod_dav_svn Apache HTTPD server module
may leak to remote users the file contents of files
configured to be unreadable by those users.
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4688
Fixed bugs
bnc#698205
VUL-0: subversion: multiple security issues
CVE#CVE-2011-1752
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploi
CVE#CVE-2011-1783
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory con
CVE#CVE-2011-1921
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable i
