Test Kennung:	1.3.6.1.4.1.25623.1.0.831306
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Update for subversion MDVSA-2011:006 (subversion)
Zusammenfassung:	The remote host is missing an update for the 'subversion'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'subversion' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in subversion: The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections (CVE-2010-4539). Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command (CVE-2010-4644). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been upgraded to the latest versions (1.5.9, 1.6.15) which is not affected by these issues and in turn contains many bugfixes as well. Affected Software/OS: subversion on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4539 1024934 http://www.securitytracker.com/id?1024934 42780 http://secunia.com/advisories/42780 42969 http://secunia.com/advisories/42969 43115 http://secunia.com/advisories/43115 43139 http://secunia.com/advisories/43139 43346 http://secunia.com/advisories/43346 45655 http://www.securityfocus.com/bid/45655 ADV-2011-0015 http://www.vupen.com/english/advisories/2011/0015 ADV-2011-0103 http://www.vupen.com/english/advisories/2011/0103 ADV-2011-0162 http://www.vupen.com/english/advisories/2011/0162 ADV-2011-0264 http://www.vupen.com/english/advisories/2011/0264 FEDORA-2011-0099 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html MDVSA-2011:006 http://www.mandriva.com/security/advisories?name=MDVSA-2011:006 RHSA-2011:0257 http://www.redhat.com/support/errata/RHSA-2011-0257.html RHSA-2011:0258 http://www.redhat.com/support/errata/RHSA-2011-0258.html SUSE-SR:2011:005 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html USN-1053-1 http://www.ubuntu.com/usn/USN-1053-1 [oss-security] 20110102 CVE request for subversion http://openwall.com/lists/oss-security/2011/01/02/1 [oss-security] 20110103 Re: CVE request for subversion http://openwall.com/lists/oss-security/2011/01/03/9 [oss-security] 20110104 Re: CVE request for subversion http://openwall.com/lists/oss-security/2011/01/04/10 http://openwall.com/lists/oss-security/2011/01/04/8 [oss-security] 20110105 Re: CVE request for subversion http://openwall.com/lists/oss-security/2011/01/05/4 [subversion-users] 20101104 apache coredump in mod_dav_svn http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C3923B919-C2BE-41AD-84ED-7207837FAD1A%40ncsa.illinois.edu%3E [www-announce] 20101124 Apache Subversion 1.6.15 Released http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt%40mail.gmail.com%3E http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES http://svn.apache.org/viewvc?view=revision&revision=1033166 https://bugzilla.redhat.com/show_bug.cgi?id=667407 subversion-walk-dos(64472) https://exchange.xforce.ibmcloud.com/vulnerabilities/64472 Common Vulnerability Exposure (CVE) ID: CVE-2010-4644 1024935 http://www.securitytracker.com/id?1024935 [dev] 20101104 "svn blame -g" causing svnserve to hang & mem usage to hit 2GB http://svn.haxx.se/dev/archive-2010-11/0102.shtml [subversion-users] 20101104 svnserve.exe (Win32) using 2GB of memory and then crashing? http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C4CD33B61.7030203%40thepond.com%3E http://svn.apache.org/viewvc?view=revision&revision=1032808 subversion-blameg-dos(64473) https://exchange.xforce.ibmcloud.com/vulnerabilities/64473
Copyright	Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.