 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.68357 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 14 FEDORA-2010-16148 (subversion) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to subversion announced via advisory FEDORA-2010-16148. Update Information: This update includes the latest stable release of Subversion, version 1.6.13. Subversion servers up to 1.6.12 (inclusive) making use of the SVNPathAuthz short_circuit mod_dav_svn configuration setting have a bug which may allow users to write and/or read portions of the repository to which they are not intended to have access. This issue is fixed in this update. See http://subversion.apache.org/security/CVE-2010-3315-advisory.txt for further details A number of bug fixes are also included: * don't drop properties during foreign-repo merges * improve auto-props failure error message * improve error message for 403 status with ra_neon * don't allow 'merge --reintegrate' for 2-url merges * improve handling of missing fsfs.conf during hotcopy * escape unsafe characters in a URL during export * don't leak stale locks in FSFS * better detect broken working copies during update over ra_neon * fsfs: make rev files read-only * properly canonicalize a URL * fix wc corruption with 'commit --depth=empty' * permissions fixes when doing reintegrate merges * fix mergeinfo miscalculation during 2-url merges * fix error transmission problems in svnserve * fixed: record-only merges create self-referential mergeinfo * make 'svnmucc propset' handle existing and non-existing URLs * add new 'propsetf' subcommand to svnmucc * emit a warning about copied dirs during ci with limited depth References: [ 1 ] Bug #640317 - CVE-2010-3315 Subversion: Access restriction bypass by checkout of the root of the repository https://bugzilla.redhat.com/show_bug.cgi?id=640317 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update subversion' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2010-16148 Risk factor : High CVSS Score: 6.0 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-3315 41652 http://secunia.com/advisories/41652 43139 http://secunia.com/advisories/43139 43346 http://secunia.com/advisories/43346 ADV-2011-0264 http://www.vupen.com/english/advisories/2011/0264 APPLE-SA-2011-03-21-1 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html DSA-2118 http://www.debian.org/security/2010/dsa-2118 MDVSA-2010:199 http://www.mandriva.com/security/advisories?name=MDVSA-2010:199 RHSA-2011:0258 http://www.redhat.com/support/errata/RHSA-2011-0258.html SUSE-SR:2010:024 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html USN-1053-1 http://www.ubuntu.com/usn/USN-1053-1 http://security-tracker.debian.org/tracker/CVE-2010-3315 http://subversion.apache.org/security/CVE-2010-3315-advisory.txt http://support.apple.com/kb/HT4581 oval:org.mitre.oval:def:19007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007 |
| Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |