Bug 1642 - Subversion vulnerabilities
Summary: Subversion vulnerabilities
Status: RESOLVED DUPLICATE of bug 1521
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-06 17:06 CEST by Jérôme Soyer
Modified: 2011-06-07 11:30 CEST (History)
1 user (show)

See Also:
Source RPM: subversion-1.6.16-5.mga1.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jérôme Soyer 2011-06-06 17:06:24 CEST 
Summary:

An attacker could send crafted input to the Subversion mod_dav_svn module
for Apache and cause it to crash or gain access to restricted files.

Software Description:
- subversion: Advanced version control system

Details:

Joe Schaefer discovered that the Subversion mod_dav_svn module for Apache
did not properly handle certain baselined WebDAV resource requests. A
remote attacker could use this flaw to cause the service to crash, leading
to a denial of service. (CVE-2011-1752)

Ivan Zhakov discovered that the Subversion mod_dav_svn module for Apache
did not properly handle certain requests. A remote attacker could use this
flaw to cause the service to consume all available resources, leading to a
denial of service. (CVE-2011-1783)

Kamesh Jayachandran discovered that the Subversion mod_dav_svn module for
Apache did not properly handle access control in certain situations. A
remote user could use this flaw to gain access to files that would
otherwise be unreadable. (CVE-2011-1921)
Comment 1 Pascal Terjan 2011-06-07 11:30:22 CEST 
You reported it twice

*** This bug has been marked as a duplicate of bug 1521 ***

Status: NEW => RESOLVED
CC: (none) => pterjan
Resolution: (none) => DUPLICATE
Note You need to log in before you can comment on or make changes to this bug.