[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2015-1633 -- Oracle subversion

ID: oval:org.secpod.oval:def:1501151Date: (C)2015-09-03   (M)2023-07-28
Class: PATCHFamily: unix




Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server to crash. It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. It was found that when an SVN server searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable . Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3187. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.

Platform:
Oracle Linux 6
Product:
subversion
Reference:
ELSA-2015-1633
CVE-2015-0248
CVE-2015-0251
CVE-2015-3187
CVE    3
CVE-2015-0248
CVE-2015-0251
CVE-2015-3187
CPE    68
cpe:/a:apache:subversion:1.6.10
cpe:/a:apache:subversion:1.6.11
cpe:/a:apache:subversion:1.6.12
cpe:/a:apache:subversion:1.6.13
...

© SecPod Technologies