| Description: | Description:
The remote host is missing an update to subversion
announced via advisory FEDORA-2011-3775.
Update Information:
A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed certain requests to lock working copy paths in a repository. A remote attacker could issue a lock request that could cause the httpd process serving the request to crash. (CVE-2011-0715)
The Fedora Project would like to thank Hyrum Wright of the Apache Subversion project for reporting this issue. Upstream acknowledges Philip Martin, WANdisco, Inc. as the original reporter.
Several bugs are also fixed in this update:
* more improvement to the 'blame -g' memory leak from 1.6.15
* avoid unnecessary globbing for performance
* don't add tree conflicts when one already exists
* fix potential crash when requesting mergeinfo
* don't attempt to resolve prop conflicts in 'merge --dry-run'
References:
[ 1 ] Bug #680755 - CVE-2011-0715 subversion (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client
https://bugzilla.redhat.com/show_bug.cgi?id=680755
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use
su -c 'yum update subversion' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2011-3775
Risk factor : Medium
CVSS Score:
4.3
|
