Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2013-0360)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2013.0360

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2013-0360)

Resumen: The remote host is missing an update for the 'subversion' package(s) announced via the MGASA-2013-0360 advisory.

Descripción: Summary:
The remote host is missing an update for the 'subversion' package(s) announced via the MGASA-2013-0360 advisory.

Vulnerability Insight:
mod_dontdothat allows you to block update REPORT requests against certain
paths in the repository. It expects the paths in the REPORT request to be
absolute URLs. Serf based clients send relative URLs instead of absolute
URLs in many cases. As a result these clients are not blocked as
configured by mod_dontdothat (CVE-2013-4505).

When SVNAutoversioning is enabled via 'SVNAutoversioning on', commits can
be made by single HTTP requests such as MKCOL and PUT. If Subversion is
built with assertions enabled any such requests that have non-canonical
URLs, such as URLs with a trailing /, may trigger an assert. An assert
will cause the Apache process to abort (CVE-2013-4558).

Affected Software/OS:
'subversion' package(s) on Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-4505
http://osvdb.org/100364
http://secunia.com/advisories/55855
SuSE Security Announcement: openSUSE-SU-2013:1836 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html
SuSE Security Announcement: openSUSE-SU-2013:1860 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4558
100363
http://osvdb.org/100363
http://subversion.apache.org/security/CVE-2013-4558-advisory.txt
https://bugzilla.redhat.com/show_bug.cgi?id=1033431
https://github.com/apache/subversion/commit/2c77c43e4255555f3b79f761f0d141393a3856cc
https://github.com/apache/subversion/commit/647e3f8365a74831bb915f63793b63e31fae062d
openSUSE-SU-2013:1836
openSUSE-SU-2013:1860

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2013.0360
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2013-0360)
Resumen:	The remote host is missing an update for the 'subversion' package(s) announced via the MGASA-2013-0360 advisory.
Descripción:	Summary: The remote host is missing an update for the 'subversion' package(s) announced via the MGASA-2013-0360 advisory. Vulnerability Insight: mod_dontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many cases. As a result these clients are not blocked as configured by mod_dontdothat (CVE-2013-4505). When SVNAutoversioning is enabled via 'SVNAutoversioning on', commits can be made by single HTTP requests such as MKCOL and PUT. If Subversion is built with assertions enabled any such requests that have non-canonical URLs, such as URLs with a trailing /, may trigger an assert. An assert will cause the Apache process to abort (CVE-2013-4558). Affected Software/OS: 'subversion' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4505 http://osvdb.org/100364 http://secunia.com/advisories/55855 SuSE Security Announcement: openSUSE-SU-2013:1836 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html SuSE Security Announcement: openSUSE-SU-2013:1860 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4558 100363 http://osvdb.org/100363 http://subversion.apache.org/security/CVE-2013-4558-advisory.txt https://bugzilla.redhat.com/show_bug.cgi?id=1033431 https://github.com/apache/subversion/commit/2c77c43e4255555f3b79f761f0d141393a3856cc https://github.com/apache/subversion/commit/647e3f8365a74831bb915f63793b63e31fae062d openSUSE-SU-2013:1836 openSUSE-SU-2013:1860
Copyright	Copyright (C) 2022 Greenbone AG