Rapid7 Vulnerability & Exploit Database

RHSA-2011:0861: subversion security update

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 06/06/2011
Created: 07/25/2018
Added: 06/16/2011
Modified: 07/04/2017

Description

Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed requests submitted against the URL of a baselined resource. A malicious, remote user could use this flaw to cause the httpd process serving the request to crash. (CVE-2011-1752)

Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Joe Schaefer of the Apache Software Foundation as the original reporter.

All Subversion users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, you must restart the httpd daemon, if you are using mod_dav_svn, for the update to take effect.

Solution(s)

  • redhat-upgrade-mod_dav_svn
  • redhat-upgrade-subversion
  • redhat-upgrade-subversion-devel
  • redhat-upgrade-subversion-perl
