FreeBSD Local Security Checks : FreeBSD Ports: subversion

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68819

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: subversion

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

subversion
subversion-freebsd

CVE-2010-4539
The walk function in repos.c in the mod_dav_svn module for the Apache
HTTP Server, as distributed in Apache Subversion before 1.6.15, allows
remote authenticated users to cause a denial of service (NULL pointer
dereference and daemon crash) via vectors that trigger the walking of
SVNParentPath collections.

CVE-2010-4644
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15
allow remote authenticated users to cause a denial of service (memory
consumption and daemon crash) via the -g option to the blame command.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4539
1024934
http://www.securitytracker.com/id?1024934
42780
http://secunia.com/advisories/42780
42969
http://secunia.com/advisories/42969
43115
http://secunia.com/advisories/43115
43139
http://secunia.com/advisories/43139
43346
http://secunia.com/advisories/43346
45655
http://www.securityfocus.com/bid/45655
ADV-2011-0015
http://www.vupen.com/english/advisories/2011/0015
ADV-2011-0103
http://www.vupen.com/english/advisories/2011/0103
ADV-2011-0162
http://www.vupen.com/english/advisories/2011/0162
ADV-2011-0264
http://www.vupen.com/english/advisories/2011/0264
FEDORA-2011-0099
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html
MDVSA-2011:006
http://www.mandriva.com/security/advisories?name=MDVSA-2011:006
RHSA-2011:0257
http://www.redhat.com/support/errata/RHSA-2011-0257.html
RHSA-2011:0258
http://www.redhat.com/support/errata/RHSA-2011-0258.html
SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
USN-1053-1
http://www.ubuntu.com/usn/USN-1053-1
[oss-security] 20110102 CVE request for subversion
http://openwall.com/lists/oss-security/2011/01/02/1
[oss-security] 20110103 Re: CVE request for subversion
http://openwall.com/lists/oss-security/2011/01/03/9
[oss-security] 20110104 Re: CVE request for subversion
http://openwall.com/lists/oss-security/2011/01/04/10
http://openwall.com/lists/oss-security/2011/01/04/8
[oss-security] 20110105 Re: CVE request for subversion
http://openwall.com/lists/oss-security/2011/01/05/4
[subversion-users] 20101104 apache coredump in mod_dav_svn
http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C3923B919-C2BE-41AD-84ED-7207837FAD1A%40ncsa.illinois.edu%3E
[www-announce] 20101124 Apache Subversion 1.6.15 Released
http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt%40mail.gmail.com%3E
http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES
http://svn.apache.org/viewvc?view=revision&revision=1033166
https://bugzilla.redhat.com/show_bug.cgi?id=667407
subversion-walk-dos(64472)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64472
Common Vulnerability Exposure (CVE) ID: CVE-2010-4644
1024935
http://www.securitytracker.com/id?1024935
[dev] 20101104 "svn blame -g" causing svnserve to hang & mem usage to hit 2GB
http://svn.haxx.se/dev/archive-2010-11/0102.shtml
[subversion-users] 20101104 svnserve.exe (Win32) using 2GB of memory and then crashing?
http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C4CD33B61.7030203%40thepond.com%3E
http://svn.apache.org/viewvc?view=revision&revision=1032808
subversion-blameg-dos(64473)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64473

Copyright Copyright (C) 2011 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68819
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: subversion
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: subversion subversion-freebsd CVE-2010-4539 The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. CVE-2010-4644 Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4539 1024934 http://www.securitytracker.com/id?1024934 42780 http://secunia.com/advisories/42780 42969 http://secunia.com/advisories/42969 43115 http://secunia.com/advisories/43115 43139 http://secunia.com/advisories/43139 43346 http://secunia.com/advisories/43346 45655 http://www.securityfocus.com/bid/45655 ADV-2011-0015 http://www.vupen.com/english/advisories/2011/0015 ADV-2011-0103 http://www.vupen.com/english/advisories/2011/0103 ADV-2011-0162 http://www.vupen.com/english/advisories/2011/0162 ADV-2011-0264 http://www.vupen.com/english/advisories/2011/0264 FEDORA-2011-0099 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html MDVSA-2011:006 http://www.mandriva.com/security/advisories?name=MDVSA-2011:006 RHSA-2011:0257 http://www.redhat.com/support/errata/RHSA-2011-0257.html RHSA-2011:0258 http://www.redhat.com/support/errata/RHSA-2011-0258.html SUSE-SR:2011:005 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html USN-1053-1 http://www.ubuntu.com/usn/USN-1053-1 [oss-security] 20110102 CVE request for subversion http://openwall.com/lists/oss-security/2011/01/02/1 [oss-security] 20110103 Re: CVE request for subversion http://openwall.com/lists/oss-security/2011/01/03/9 [oss-security] 20110104 Re: CVE request for subversion http://openwall.com/lists/oss-security/2011/01/04/10 http://openwall.com/lists/oss-security/2011/01/04/8 [oss-security] 20110105 Re: CVE request for subversion http://openwall.com/lists/oss-security/2011/01/05/4 [subversion-users] 20101104 apache coredump in mod_dav_svn http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C3923B919-C2BE-41AD-84ED-7207837FAD1A%40ncsa.illinois.edu%3E [www-announce] 20101124 Apache Subversion 1.6.15 Released http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt%40mail.gmail.com%3E http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES http://svn.apache.org/viewvc?view=revision&revision=1033166 https://bugzilla.redhat.com/show_bug.cgi?id=667407 subversion-walk-dos(64472) https://exchange.xforce.ibmcloud.com/vulnerabilities/64472 Common Vulnerability Exposure (CVE) ID: CVE-2010-4644 1024935 http://www.securitytracker.com/id?1024935 [dev] 20101104 "svn blame -g" causing svnserve to hang & mem usage to hit 2GB http://svn.haxx.se/dev/archive-2010-11/0102.shtml [subversion-users] 20101104 svnserve.exe (Win32) using 2GB of memory and then crashing? http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C4CD33B61.7030203%40thepond.com%3E http://svn.apache.org/viewvc?view=revision&revision=1032808 subversion-blameg-dos(64473) https://exchange.xforce.ibmcloud.com/vulnerabilities/64473
Copyright	Copyright (C) 2011 E-Soft Inc.