Fedora has issued an advisory on September 3:
https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115318.html

Mageia 2 and Mageia 3 are also affected.

The issue is fixed upstream in 1.7.13. Here is the upstream advisory:
http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
Whiteboard: (none) => MGA3TOO, MGA2TOO
fixed with subversion-1.7.13-1.mga2, subversion-1.7.13-1.mga3 and subversion-1.7.13-1.mga4
CC: (none) => oe
Thanks Oden!

Advisory:
========================

Updated subversion packages fix security vulnerability:

svnserve takes a --pid-file option which creates a file containing the process id it is running as. It does not take steps to ensure that the file it has been directed at is not a symlink. If the pid file is in a directory writeable by unprivileged users, the destination could be replaced by a symlink allowing for privilege escalation. svnserve does not create a pid file by default (CVE-2013-4277).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4277
http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115318.html
========================

Updated packages in core/updates_testing:
========================
subversion-1.7.13-1.mga2
subversion-doc-1.7.13-1.mga2
libsvn0-1.7.13-1.mga2
libsvn-gnome-keyring0-1.7.13-1.mga2
libsvn-kwallet0-1.7.13-1.mga2
subversion-server-1.7.13-1.mga2
subversion-tools-1.7.13-1.mga2
python-svn-1.7.13-1.mga2
ruby-svn-1.7.13-1.mga2
libsvnjavahl1-1.7.13-1.mga2
svn-javahl-1.7.13-1.mga2
perl-SVN-1.7.13-1.mga2
subversion-kwallet-devel-1.7.13-1.mga2
subversion-gnome-keyring-devel-1.7.13-1.mga2
perl-svn-devel-1.7.13-1.mga2
python-svn-devel-1.7.13-1.mga2
ruby-svn-devel-1.7.13-1.mga2
subversion-devel-1.7.13-1.mga2
apache-mod_dav_svn-1.7.13-1.mga2
subversion-1.7.13-1.mga3
subversion-doc-1.7.13-1.mga3
libsvn0-1.7.13-1.mga3
libsvn-gnome-keyring0-1.7.13-1.mga3
libsvn-kwallet0-1.7.13-1.mga3
subversion-server-1.7.13-1.mga3
subversion-tools-1.7.13-1.mga3
python-svn-1.7.13-1.mga3
ruby-svn-1.7.13-1.mga3
libsvnjavahl1-1.7.13-1.mga3
svn-javahl-1.7.13-1.mga3
perl-SVN-1.7.13-1.mga3
subversion-kwallet-devel-1.7.13-1.mga3
subversion-gnome-keyring-devel-1.7.13-1.mga3
perl-svn-devel-1.7.13-1.mga3
python-svn-devel-1.7.13-1.mga3
ruby-svn-devel-1.7.13-1.mga3
subversion-devel-1.7.13-1.mga3
apache-mod_dav_svn-1.7.13-1.mga3

from SRPMS:
subversion-1.7.13-1.mga2.src.rpm
subversion-1.7.13-1.mga3.src.rpm
Version: Cauldron => 3
Assignee: bugsquad => qa-bugs
Whiteboard: MGA3TOO, MGA2TOO => MGA2TOO
Test failed on Mageia 2 i586.

[dave@i2v ~]$ touch file
[dave@i2v ~]$ ln -s file symlink
[dave@i2v ~]$ svnserve -X --pid-file symlink
^C
[dave@i2v ~]$ cat symlink
9857
[dave@i2v ~]$ svnserve -X --pid-file symlink
^C
[dave@i2v ~]$ cat symlink
9960
CC: (none) => davidwhodgins
Whiteboard: MGA2TOO => MGA2TOO feedback
Forgot to mention, the first run of svnserve was before installing the update, the second after, so it doesn't look like the bug is fixed.
Ah. Never mind. Didn't realize it deleted the symlink, then created a regular file.
Whiteboard: MGA2TOO feedback => MGA2TOO MGA2-32-OK has_procedure
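
The test above reads the PID back with `cat symlink`, which prints a PID whether or not the link was followed; what separates the two cases is whether "symlink" is still a symlink and whether the target "file" received data. The C sketch below is an added example, not Subversion's code and not part of the original thread: `write_pid_file` and `run_case` are hypothetical names, and the unlink-then-O_EXCL sequence is an assumption modelled on the behaviour reported in the thread (the symlink is deleted, then a regular file is created).

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp, symlink, lstat */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* hardened=0 models the pre-fix behaviour: open() follows a symlink, so the
   PID lands in the link's target. hardened=1 unlinks the path first (removing
   the link, not its target) and creates with O_EXCL, which refuses symlinks. */
static int write_pid_file(const char *path, long pid, int hardened)
{
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", pid);
    int flags = O_WRONLY | O_CREAT | (hardened ? O_EXCL : O_TRUNC);
    if (hardened && unlink(path) != 0 && errno != ENOENT)
        return -1;
    int fd = open(path, flags, 0644);
    if (fd < 0)
        return -1;
    int ok = write(fd, buf, (size_t)len) == len;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Recreate the thread's setup (touch file; ln -s file symlink) in a fresh
   temp directory and write the PID via "symlink". Returns a bitmask:
   1 = "symlink" is still a symlink, 2 = "file" received data; -1 on error. */
static int run_case(int hardened)
{
    char dir[] = "/tmp/pidfile-demo-XXXXXX";   /* constructed sample location */
    struct stat st;
    int result = 0, fd;
    if (!mkdtemp(dir) || chdir(dir) != 0) return -1;
    if ((fd = open("file", O_WRONLY | O_CREAT, 0644)) < 0) return -1;
    close(fd);
    if (symlink("file", "symlink") != 0) return -1;
    if (write_pid_file("symlink", (long)getpid(), hardened) != 0) return -1;
    if (lstat("symlink", &st) == 0 && S_ISLNK(st.st_mode)) result |= 1;
    if (stat("file", &st) == 0 && st.st_size > 0) result |= 2;
    return result;
}

int main(void)
{
    printf("following open: %d\nunlink + O_EXCL: %d\n", run_case(0), run_case(1));
    return 0;
}
```

A result of 3 means the link was followed and the target was written; 0 means the link was replaced by a regular file and the target was left untouched.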
Advisory 11207.adv committed to svn.
Testing complete both releases, both arches. Someone from the sysadmin team please push 11207.adv to updates.
Keywords: (none) => validated_update
Whiteboard: MGA2TOO MGA2-32-OK has_procedure => MGA2TOO MGA2-32-OK has_procedure MGA3-32-OK MGA3-64-OK MGA2-64-OK
CC: (none) => sysadmin-bugs
http://advisories.mageia.org/MGASA-2013-0275.html
Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED
CC: boklm => (none)