Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

subversion vulnerabilities

Related Vulnerabilities: CVE-2013-1845   CVE-2013-1846   CVE-2013-1847   CVE-2013-1849   CVE-2013-1884   CVE-2013-1968   CVE-2013-2112  

Several security issues were fixed in Subversion.

Alexander Klink discovered that the Subversion mod_dav_svn module for Apache did not properly handle a large number of properties. A remote authenticated attacker could use this flaw to cause memory consumption, leading to a denial of service. (CVE-2013-1845)

Source

27 June 2013

subversion vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Subversion.

Software Description

  • subversion - Advanced version control system

Details

Alexander Klink discovered that the Subversion mod_dav_svn module for Apache did not properly handle a large number of properties. A remote authenticated attacker could use this flaw to cause memory consumption, leading to a denial of service. (CVE-2013-1845)

Ben Reser discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain LOCKs. A remote authenticated attacker could use this flaw to cause Subversion to crash, leading to a denial of service. (CVE-2013-1846)

Philip Martin and Ben Reser discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain LOCKs. A remote attacker could use this flaw to cause Subversion to crash, leading to a denial of service. (CVE-2013-1847)

It was discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain PROPFIND requests. A remote attacker could use this flaw to cause Subversion to crash, leading to a denial of service. (CVE-2013-1849)

Greg McMullin, Stefan Fuhrmann, Philip Martin, and Ben Reser discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain log REPORT requests. A remote attacker could use this flaw to cause Subversion to crash, leading to a denial of service. This issue only affected Ubuntu 12.10 and Ubuntu 13.04. (CVE-2013-1884)

Stefan Sperling discovered that Subversion incorrectly handled newline characters in filenames. A remote authenticated attacker could use this flaw to corrupt FSFS repositories. (CVE-2013-1968)

Boris Lytochkin discovered that Subversion incorrectly handled TCP connections that were closed early. A remote attacker could use this flaw to cause Subversion to crash, leading to a denial of service. (CVE-2013-2112)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.04
libapache2-svn - 1.7.5-1ubuntu3.1
libsvn1 - 1.7.5-1ubuntu3.1
Ubuntu 12.10
libapache2-svn - 1.7.5-1ubuntu2.1
libsvn1 - 1.7.5-1ubuntu2.1
Ubuntu 12.04 LTS
libapache2-svn - 1.6.17dfsg-3ubuntu3.3
libsvn1 - 1.6.17dfsg-3ubuntu3.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started