Package name
subversion
Date
2011-06-04
Advisory ID
MDVSA-2011:106
Affected versions
2009.0 x86_64 , MES5 i586 , 2010.1 i586 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , MES5 x86_64 , 2010.1 x86_64

Problem description

Multiple vulnerabilities were discovered and corrected in subversion:

The mod_dav_svn Apache HTTPD server module will dereference a NULL
pointer if asked to deliver baselined WebDAV resources which can lead
to a DoS (Denial Of Service) (CVE-2011-1752).

The mod_dav_svn Apache HTTPD server module may in certain cenarios
enter a logic loop which does not exit and which allocates emory in
each iteration, ultimately exhausting all the available emory on the
server which can lead to a DoS (Denial Of Service) (CVE-2011-1783).

The mod_dav_svn Apache HTTPD server module may leak to remote users
the file contents of files configured to be unreadable by those users
(CVE-2011-1921).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to the 1.6.17 version which
is not vulnerable to these issues.

Updated packages

2009.0 x86_64

 adf776406f42c9bb4c5928f8d16ad74f  2009.0/x86_64/apache-mod_dav_svn-1.6.17-0.1mdv2009.0.x86_64.rpm
 f35384b836889e04b9d732045deacccb  2009.0/x86_64/apache-mod_dontdothat-1.6.17-0.1mdv2009.0.x86_64.rpm
 cff7dcefaf6e8c3d0a7642a36661e803  2009.0/x86_64/lib64svn0-1.6.17-0.1mdv2009.0.x86_64.rpm
 01019c76de0636f512bc1338a180ab1b  2009.0/x86_64/lib64svnjavahl1-1.6.17-0.1mdv2009.0.x86_64.rpm
 74812d1b64db5301b1ed74db46dc08b6  2009.0/x86_64/perl-SVN-1.6.17-0.1mdv2009.0.x86_64.rpm
 59e84aa6043fae46047327ac124771e9  2009.0/x86_64/python-svn-1.6.17-0.1mdv2009.0.x86_64.rpm
 15fae543266ede69fa220419ca91bc8f  2009.0/x86_64/ruby-svn-1.6.17-0.1mdv2009.0.x86_64.rpm
 cd9be5e2b3ba9497e7f8e42a8d0181e0  2009.0/x86_64/subversion-1.6.17-0.1mdv2009.0.x86_64.rpm
 8e14979cf0ac190035fcb0ae994fe4d8  2009.0/x86_64/subversion-devel-1.6.17-0.1mdv2009.0.x86_64.rpm
 4c2e1922b12202697983b567638c9b92  2009.0/x86_64/subversion-doc-1.6.17-0.1mdv2009.0.x86_64.rpm
 a7e5997dc660568bafed59a7bab37578  2009.0/x86_64/subversion-server-1.6.17-0.1mdv2009.0.x86_64.rpm
 936dc2d30cc5bb8f54b32d862af63f3d  2009.0/x86_64/subversion-tools-1.6.17-0.1mdv2009.0.x86_64.rpm
 e40d82e0b13a180d2a3c2ed2cd356e52  2009.0/x86_64/svn-javahl-1.6.17-0.1mdv2009.0.x86_64.rpm 
 9ac126adb88c745c67e55630c98f1dff  2009.0/SRPMS/subversion-1.6.17-0.1mdv2009.0.src.rpm

MES5 i586

 d8165cb83dada65ebc80808c55c99f5d  mes5/i586/apache-mod_dav_svn-1.6.17-0.1mdvmes5.2.i586.rpm
 5e653275497d01bab284741d509fcc20  mes5/i586/apache-mod_dontdothat-1.6.17-0.1mdvmes5.2.i586.rpm
 93ce20f3fc00bf2b0d2136b7c35538ed  mes5/i586/libsvn0-1.6.17-0.1mdvmes5.2.i586.rpm
 c8602d9ca59963d8f288d7c1ea718cb3  mes5/i586/libsvnjavahl1-1.6.17-0.1mdvmes5.2.i586.rpm
 f148fab1eedbcf9a9f19d3e60c6cfadf  mes5/i586/perl-SVN-1.6.17-0.1mdvmes5.2.i586.rpm
 d631ac32c1563680d7c5cc9bcbfcfb6b  mes5/i586/python-svn-1.6.17-0.1mdvmes5.2.i586.rpm
 06f830bce3b8e01f2fd40b5c637ab986  mes5/i586/ruby-svn-1.6.17-0.1mdvmes5.2.i586.rpm
 357ceb371acfcd3eb9cd88caa107a53b  mes5/i586/subversion-1.6.17-0.1mdvmes5.2.i586.rpm
 b3aa7097cb52e07a775653d822aa7dba  mes5/i586/subversion-devel-1.6.17-0.1mdvmes5.2.i586.rpm
 798e56237c5ea86ad3f78dc28efe5872  mes5/i586/subversion-doc-1.6.17-0.1mdvmes5.2.i586.rpm
 973d3c726f9d0c502acfeacad69ac614  mes5/i586/subversion-server-1.6.17-0.1mdvmes5.2.i586.rpm
 46f2b4d4539d7da8848a182a9b28afbd  mes5/i586/subversion-tools-1.6.17-0.1mdvmes5.2.i586.rpm
 56254352fdc6c10f56e03b8a50089105  mes5/i586/svn-javahl-1.6.17-0.1mdvmes5.2.i586.rpm 
 c036e0758d2b25ecaf2b2773306dc9f1  mes5/SRPMS/subversion-1.6.17-0.1mdvmes5.2.src.rpm

2010.1 i586

 809c8316c0cf26a1aa7a26260ebd556b  2010.1/i586/apache-mod_dav_svn-1.6.17-0.1mdv2010.2.i586.rpm
 1c5aa3316d62eb40cbda3e91b5a0dead  2010.1/i586/apache-mod_dontdothat-1.6.17-0.1mdv2010.2.i586.rpm
 680745e35e66433826514dc65f748597  2010.1/i586/libsvn0-1.6.17-0.1mdv2010.2.i586.rpm
 2e523e3262c4fa0d918f6667c8c00bf1  2010.1/i586/libsvn-gnome-keyring0-1.6.17-0.1mdv2010.2.i586.rpm
 5b8802e18a6e594676823ec01348143b  2010.1/i586/libsvnjavahl1-1.6.17-0.1mdv2010.2.i586.rpm
 2d9d773efd8a108b59dd774d6030681e  2010.1/i586/libsvn-kwallet0-1.6.17-0.1mdv2010.2.i586.rpm
 786cd1f13ee58d23e8246b37991f3a4c  2010.1/i586/perl-SVN-1.6.17-0.1mdv2010.2.i586.rpm
 f718ab77c2b5c77e2b49b38604f4663f  2010.1/i586/python-svn-1.6.17-0.1mdv2010.2.i586.rpm
 e006b5cef023e652caf2281a197e848a  2010.1/i586/ruby-svn-1.6.17-0.1mdv2010.2.i586.rpm
 a7f25d127ad47dde81e72f947a425311  2010.1/i586/subversion-1.6.17-0.1mdv2010.2.i586.rpm
 2e8997143a4e9caccd531496b3d01acc  2010.1/i586/subversion-devel-1.6.17-0.1mdv2010.2.i586.rpm
 1102fa83a4d71bb78410fcf52e240a6a  2010.1/i586/subversion-doc-1.6.17-0.1mdv2010.2.i586.rpm
 f7d57f0fb38326ef4a94f17ece68071e  2010.1/i586/subversion-server-1.6.17-0.1mdv2010.2.i586.rpm
 371566535452839fd3f56d0fd1949083  2010.1/i586/subversion-tools-1.6.17-0.1mdv2010.2.i586.rpm
 1625168460442b3044986aec02642ceb  2010.1/i586/svn-javahl-1.6.17-0.1mdv2010.2.i586.rpm 
 3186570aa3e04f22d98a28e75a394710  2010.1/SRPMS/subversion-1.6.17-0.1mdv2010.2.src.rpm

2009.0 i586

 b7dcf908858e788c0321e13109163494  2009.0/i586/apache-mod_dav_svn-1.6.17-0.1mdv2009.0.i586.rpm
 c403bbd6aedcd9426dc5cf72ef56d1a9  2009.0/i586/apache-mod_dontdothat-1.6.17-0.1mdv2009.0.i586.rpm
 2f3d2373aed96710023c6a84819731f6  2009.0/i586/libsvn0-1.6.17-0.1mdv2009.0.i586.rpm
 2b4a273ce742b44b5a18bfaba5b9e6af  2009.0/i586/libsvnjavahl1-1.6.17-0.1mdv2009.0.i586.rpm
 e11fb3f919ab6358d3a3ac26d803715f  2009.0/i586/perl-SVN-1.6.17-0.1mdv2009.0.i586.rpm
 745a88c6044f3cf2fda88bfc80500c1a  2009.0/i586/python-svn-1.6.17-0.1mdv2009.0.i586.rpm
 7baab70f65cac6de36cede330f032cc5  2009.0/i586/ruby-svn-1.6.17-0.1mdv2009.0.i586.rpm
 c15bd5f296328d65f2612a61238b0f01  2009.0/i586/subversion-1.6.17-0.1mdv2009.0.i586.rpm
 b6c69f4a93490250bc4c1c29a51d0301  2009.0/i586/subversion-devel-1.6.17-0.1mdv2009.0.i586.rpm
 6b780c034fcf7caa146ac495f74776fd  2009.0/i586/subversion-doc-1.6.17-0.1mdv2009.0.i586.rpm
 51e8efe6c17057098eec1e9b0d9b305e  2009.0/i586/subversion-server-1.6.17-0.1mdv2009.0.i586.rpm
 f974ca62b90d4db1f3eeb0dc80a06787  2009.0/i586/subversion-tools-1.6.17-0.1mdv2009.0.i586.rpm
 804da077e30821641755625cb9f6f545  2009.0/i586/svn-javahl-1.6.17-0.1mdv2009.0.i586.rpm 
 9ac126adb88c745c67e55630c98f1dff  2009.0/SRPMS/subversion-1.6.17-0.1mdv2009.0.src.rpm

CS4.0 i586

 b424fc4dea5b090cc831a9b26996bb72  corporate/4.0/i586/apache-mod_dav_svn-1.6.17-0.1.20060mlcs4.i586.rpm
 66fd3f68ab4e67043c7bb06bf0f5aaeb  corporate/4.0/i586/apache-mod_dontdothat-1.6.17-0.1.20060mlcs4.i586.rpm
 cc441dda9a371692b8412af0c0b994b8  corporate/4.0/i586/libsvn0-1.6.17-0.1.20060mlcs4.i586.rpm
 f6005206e732c2f8484e6d49e4b26145  corporate/4.0/i586/perl-SVN-1.6.17-0.1.20060mlcs4.i586.rpm
 ed2db70bc8a07fe65980e4ca57abb682  corporate/4.0/i586/python-svn-1.6.17-0.1.20060mlcs4.i586.rpm
 ea7940a13e22f15181076d9fda196b3c  corporate/4.0/i586/subversion-1.6.17-0.1.20060mlcs4.i586.rpm
 93a99bf395142992eb853fde5ea11df0  corporate/4.0/i586/subversion-devel-1.6.17-0.1.20060mlcs4.i586.rpm
 9498abb347b8bda55c0d16eb24b632d8  corporate/4.0/i586/subversion-doc-1.6.17-0.1.20060mlcs4.i586.rpm
 0417594b6d75639b515d6154494bd982  corporate/4.0/i586/subversion-server-1.6.17-0.1.20060mlcs4.i586.rpm
 9e8f089fbf491f5461b4cd3adf352105  corporate/4.0/i586/subversion-tools-1.6.17-0.1.20060mlcs4.i586.rpm 
 229c77a2d2172dbb17cc496d169e8dec  corporate/4.0/SRPMS/subversion-1.6.17-0.1.20060mlcs4.src.rpm

CS4.0 x86_64

 e992b482857ea06a007d88357fb5000b  corporate/4.0/x86_64/apache-mod_dav_svn-1.6.17-0.1.20060mlcs4.x86_64.rpm
 60c10a01326c435570ff1c009de7e545  corporate/4.0/x86_64/apache-mod_dontdothat-1.6.17-0.1.20060mlcs4.x86_64.rpm
 3c9826dc51d1a6b6289a8c123edb4803  corporate/4.0/x86_64/lib64svn0-1.6.17-0.1.20060mlcs4.x86_64.rpm
 061c8703b664f7243d57c36f560c037c  corporate/4.0/x86_64/perl-SVN-1.6.17-0.1.20060mlcs4.x86_64.rpm
 ba61070e3084b50f3d3196911ee9004b  corporate/4.0/x86_64/python-svn-1.6.17-0.1.20060mlcs4.x86_64.rpm
 e87e651ac237c9425e1a2650f9761fe9  corporate/4.0/x86_64/subversion-1.6.17-0.1.20060mlcs4.x86_64.rpm
 feb1ad3849b68b49b38e124db0b0d633  corporate/4.0/x86_64/subversion-devel-1.6.17-0.1.20060mlcs4.x86_64.rpm
 a0ed185c8c0aa4e4b0186f8aa08dc6b4  corporate/4.0/x86_64/subversion-doc-1.6.17-0.1.20060mlcs4.x86_64.rpm
 0d9bdee90a50428480922d2e882f6fe3  corporate/4.0/x86_64/subversion-server-1.6.17-0.1.20060mlcs4.x86_64.rpm
 e5afc579bb3fbc44509241e010549e53  corporate/4.0/x86_64/subversion-tools-1.6.17-0.1.20060mlcs4.x86_64.rpm 
 229c77a2d2172dbb17cc496d169e8dec  corporate/4.0/SRPMS/subversion-1.6.17-0.1.20060mlcs4.src.rpm

MES5 x86_64

 e41d3cd15e340df2903d1ae5fcaa958e  mes5/x86_64/apache-mod_dav_svn-1.6.17-0.1mdvmes5.2.x86_64.rpm
 d84d598685b49e33b29b99e73bd25e61  mes5/x86_64/apache-mod_dontdothat-1.6.17-0.1mdvmes5.2.x86_64.rpm
 67cc1d9ac7ac69fa494bb3c0c3ab1b24  mes5/x86_64/lib64svn0-1.6.17-0.1mdvmes5.2.x86_64.rpm
 0c93407253c6456cf47ac40fdf903ae0  mes5/x86_64/lib64svnjavahl1-1.6.17-0.1mdvmes5.2.x86_64.rpm
 9662f86183093a782ff143ff1c3f61a8  mes5/x86_64/perl-SVN-1.6.17-0.1mdvmes5.2.x86_64.rpm
 74879ef216a0286b463c8713e1045b43  mes5/x86_64/python-svn-1.6.17-0.1mdvmes5.2.x86_64.rpm
 032060ecadfbfaff5c94a2df6b7b1157  mes5/x86_64/ruby-svn-1.6.17-0.1mdvmes5.2.x86_64.rpm
 4ca2ddde563edde87e5864e419db655b  mes5/x86_64/subversion-1.6.17-0.1mdvmes5.2.x86_64.rpm
 a7690a8ee3c367539958d740bd885252  mes5/x86_64/subversion-devel-1.6.17-0.1mdvmes5.2.x86_64.rpm
 6b1d4297f49e1703a69e5c73ee380686  mes5/x86_64/subversion-doc-1.6.17-0.1mdvmes5.2.x86_64.rpm
 316dc293f1c4871b9833ecffc7e809b0  mes5/x86_64/subversion-server-1.6.17-0.1mdvmes5.2.x86_64.rpm
 d644829032a7bf93945ef6376cf1ed9c  mes5/x86_64/subversion-tools-1.6.17-0.1mdvmes5.2.x86_64.rpm
 b25e044ca25e3891dfd4699b94bc10e2  mes5/x86_64/svn-javahl-1.6.17-0.1mdvmes5.2.x86_64.rpm 
 c036e0758d2b25ecaf2b2773306dc9f1  mes5/SRPMS/subversion-1.6.17-0.1mdvmes5.2.src.rpm

2010.1 x86_64

 5e499d3c40941455d1b37dbf5773991e  2010.1/x86_64/apache-mod_dav_svn-1.6.17-0.1mdv2010.2.x86_64.rpm
 0aa267a7b319e2a30960ee2a5414d80e  2010.1/x86_64/apache-mod_dontdothat-1.6.17-0.1mdv2010.2.x86_64.rpm
 35cdd975fcec1b990d51bdb9f1714bf4  2010.1/x86_64/lib64svn0-1.6.17-0.1mdv2010.2.x86_64.rpm
 4278a8f843fb04cd2850eaa64cb0f568  2010.1/x86_64/lib64svn-gnome-keyring0-1.6.17-0.1mdv2010.2.x86_64.rpm
 d2c973cce463ac11b543c93e70c8aed9  2010.1/x86_64/lib64svnjavahl1-1.6.17-0.1mdv2010.2.x86_64.rpm
 80302dffc3708392c44c71e8beb5318c  2010.1/x86_64/lib64svn-kwallet0-1.6.17-0.1mdv2010.2.x86_64.rpm
 326ef2d296d29e081afb3191af5212ef  2010.1/x86_64/perl-SVN-1.6.17-0.1mdv2010.2.x86_64.rpm
 3ebaa0c7e51c6607cbb15d032793126c  2010.1/x86_64/python-svn-1.6.17-0.1mdv2010.2.x86_64.rpm
 7fac98a4b1457fdd628c0f9ac342497a  2010.1/x86_64/ruby-svn-1.6.17-0.1mdv2010.2.x86_64.rpm
 5291fcc25554166520cab2642fbdf166  2010.1/x86_64/subversion-1.6.17-0.1mdv2010.2.x86_64.rpm
 8b18da0f0e6e8a39f56774395c73eb21  2010.1/x86_64/subversion-devel-1.6.17-0.1mdv2010.2.x86_64.rpm
 5e645e03996129bb649ca39a24a09496  2010.1/x86_64/subversion-doc-1.6.17-0.1mdv2010.2.x86_64.rpm
 ceb52200e4ebfeadec2d48c2c7b5fd4d  2010.1/x86_64/subversion-server-1.6.17-0.1mdv2010.2.x86_64.rpm
 95aff7b1b38a5a26a58b44e3984d3d89  2010.1/x86_64/subversion-tools-1.6.17-0.1mdv2010.2.x86_64.rpm
 968576b20dd363a6899c4c7eefe8b614  2010.1/x86_64/svn-javahl-1.6.17-0.1mdv2010.2.x86_64.rpm 
 3186570aa3e04f22d98a28e75a394710  2010.1/SRPMS/subversion-1.6.17-0.1mdv2010.2.src.rpm

References