USN-1144-1: Subversion vulnerabilities
6 June 2011
An attacker could send crafted input to the Subversion mod_dav_svn module for Apache and cause it to crash or gain access to restricted files.
Releases
Packages
- subversion - Advanced version control system
Details
Joe Schaefer discovered that the Subversion mod_dav_svn module for Apache
did not properly handle certain baselined WebDAV resource requests. A
remote attacker could use this flaw to cause the service to crash, leading
to a denial of service. (CVE-2011-1752)
Ivan Zhakov discovered that the Subversion mod_dav_svn module for Apache
did not properly handle certain requests. A remote attacker could use this
flaw to cause the service to consume all available resources, leading to a
denial of service. (CVE-2011-1783)
Kamesh Jayachandran discovered that the Subversion mod_dav_svn module for
Apache did not properly handle access control in certain situations. A
remote user could use this flaw to gain access to files that would
otherwise be unreadable. (CVE-2011-1921)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04
After a standard system update you need to restart any applications that
use Subversion, such as Apache when using mod_dav_svn, to make all the
necessary changes.