Rapid7 Vulnerability & Exploit Database

RHSA-2011:0327: subversion security and bug fix update


Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published: 03/11/2011
Created: 07/25/2018
Added: 03/16/2011
Modified: 07/04/2017

Description

Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed certain requests to lock working copy paths in a repository. A remote attacker could issue a lock request that could cause the httpd process serving the request to crash. (CVE-2011-0715)

Red Hat would like to thank Hyrum Wright of the Apache Subversion project for reporting this issue. Upstream acknowledges Philip Martin, WANdisco, Inc. as the original reporter.

This update also fixes the following bug:

All Subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, you must restart the httpd daemon, if you are using mod_dav_svn, for the update to take effect.

Solution(s)

  • redhat-upgrade-mod_dav_svn
  • redhat-upgrade-subversion
  • redhat-upgrade-subversion-devel
  • redhat-upgrade-subversion-javahl
  • redhat-upgrade-subversion-perl
  • redhat-upgrade-subversion-ruby
