Debian has issued an advisory on December 16:
https://www.debian.org/security/2015/dsa-3424

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated subversion packages fix security vulnerability:

Subversion's httpd servers are vulnerable to a remotely triggerable heap-based buffer overflow and out-of-bounds read caused by an integer overflow when parsing skel-encoded request bodies (CVE-2015-5343). This allows remote attackers with write access to a repository to cause a denial of service or possibly execute arbitrary code under the context of the httpd process.

32-bit server versions are vulnerable to both the denial-of-service attack and possible arbitrary code execution. 64-bit server versions are only vulnerable to the denial-of-service attack.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5343
http://mail-archives.apache.org/mod_mbox/subversion-dev/201512.mbox/%3CCAP_GPNieJGPDbf=nmbSdf+CTMZ=5pREoqwnDNvO80mfAKNaY7Q@mail.gmail.com%3E
http://svn.apache.org/repos/asf/subversion/tags/1.8.15/CHANGES
http://subversion.apache.org/security/CVE-2015-5343-advisory.txt
https://www.debian.org/security/2015/dsa-3424
========================

Updated packages in core/updates_testing:
========================
subversion-1.8.15-1.mga5
subversion-doc-1.8.15-1.mga5
libsvn0-1.8.15-1.mga5
libsvn-gnome-keyring0-1.8.15-1.mga5
libsvn-kwallet0-1.8.15-1.mga5
subversion-server-1.8.15-1.mga5
subversion-tools-1.8.15-1.mga5
python-svn-1.8.15-1.mga5
ruby-svn-1.8.15-1.mga5
libsvnjavahl1-1.8.15-1.mga5
svn-javahl-1.8.15-1.mga5
perl-SVN-1.8.15-1.mga5
subversion-kwallet-devel-1.8.15-1.mga5
subversion-gnome-keyring-devel-1.8.15-1.mga5
perl-svn-devel-1.8.15-1.mga5
python-svn-devel-1.8.15-1.mga5
ruby-svn-devel-1.8.15-1.mga5
subversion-devel-1.8.15-1.mga5
apache-mod_dav_svn-1.8.15-1.mga5

from subversion-1.8.15-1.mga5.src.rpm

Reproducible:

Steps to Reproduce:
Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=14826#c2
Whiteboard: (none) => has_procedure
Testing complete mga5. Basic testing. Validating. Please push to 5 updates. Thanks
Keywords: (none) => validated_update
Whiteboard: has_procedure => has_procedure advisory mga5-32-ok mga5-64-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0490.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED