Conectiva Local Security Checks : Conectiva Security Advisory CLA-2004:883

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.51378

Category: Conectiva Local Security Checks

Title: Conectiva Security Advisory CLA-2004:883

Summary: NOSUMMARY

Description: Description:

The remote host is missing updates announced in
advisory CLA-2004:883.

Subversion[1] is a compelling replacement for CVS.

All subversions versions prior to and including 1.0.7 are vulnerable
to a bug in mod_authz_svn that could allow sensitive metadata of
protected areas to be leaked to unauthorized users, characterizing an
information leak vulnerability.

For further information about this vulnerability, please refer to
Tigris' announcement[2].

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://subversion.tigris.org/
http://subversion.tigris.org/security/CVE-2004-0749-advisory.txt3
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:883
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: BugTraq ID: 11243
Common Vulnerability Exposure (CVE) ID: CVE-2004-0749
http://www.securityfocus.com/bid/11243
http://fedoranews.org/updates/FEDORA-2004-318.shtml
http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml
XForce ISS Database: subversion-information-disclosure(17472)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17472

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.51378
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2004:883
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2004:883. Subversion[1] is a compelling replacement for CVS. All subversions versions prior to and including 1.0.7 are vulnerable to a bug in mod_authz_svn that could allow sensitive metadata of protected areas to be leaked to unauthorized users, characterizing an information leak vulnerability. For further information about this vulnerability, please refer to Tigris' announcement[2]. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://subversion.tigris.org/ http://subversion.tigris.org/security/CVE-2004-0749-advisory.txt3 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:883 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	BugTraq ID: 11243 Common Vulnerability Exposure (CVE) ID: CVE-2004-0749 http://www.securityfocus.com/bid/11243 http://fedoranews.org/updates/FEDORA-2004-318.shtml http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml XForce ISS Database: subversion-information-disclosure(17472) https://exchange.xforce.ibmcloud.com/vulnerabilities/17472
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com