An attacker could send crafted input to the Subversion mod_dav_svn module for Apache and cause it to crash or gain access to restricted files.
Joe Schaefer discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain baselined WebDAV resource requests. A remote attacker could use this flaw to cause the service to crash, leading to a denial of service. (CVE-2011-1752)
6 June 2011
A security issue affects these releases of Ubuntu and its derivatives:
An attacker could send crafted input to the Subversion mod_dav_svn module for Apache and cause it to crash or gain access to restricted files.
Joe Schaefer discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain baselined WebDAV resource requests. A remote attacker could use this flaw to cause the service to crash, leading to a denial of service. (CVE-2011-1752)
Ivan Zhakov discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain requests. A remote attacker could use this flaw to cause the service to consume all available resources, leading to a denial of service. (CVE-2011-1783)
Kamesh Jayachandran discovered that the Subversion mod_dav_svn module for Apache did not properly handle access control in certain situations. A remote user could use this flaw to gain access to files that would otherwise be unreadable. (CVE-2011-1921)
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart any applications that use Subversion, such as Apache when using mod_dav_svn, to make all the necessary changes.
Vulmon