Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201309-11 ] Subversion: Multiple vulnerabilities
Date: Mon, 23 Sep 2013 23:16:22
Message-Id: 5240CB5F.6070100@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201309-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low
    Title: Subversion: Multiple vulnerabilities
     Date: September 23, 2013
     Bugs: #350166, #356741, #369065, #463728, #463860, #472202, #482166
       ID: 201309-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Subversion, allowing
attackers to cause a Denial of Service, escalate privileges, or obtain
sensitive information.

Background
==========

Subversion is a versioning system designed to be a replacement for CVS.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-vcs/subversion           < 1.7.13                  >= 1.7.13

Description
===========

Multiple vulnerabilities have been discovered in Subversion. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could cause a Denial of Service condition or obtain
sensitive information. A local attacker could escalate his privileges
to the user running svnserve.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Subversion users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.7.13"

References
==========

[  1 ] CVE-2010-4539
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4539
[  2 ] CVE-2010-4644
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4644
[  3 ] CVE-2011-0715
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0715
[  4 ] CVE-2011-1752
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1752
[  5 ] CVE-2011-1783
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1783
[  6 ] CVE-2011-1921
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1921
[  7 ] CVE-2013-1845
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1845
[  8 ] CVE-2013-1846
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1846
[  9 ] CVE-2013-1847
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1847
[ 10 ] CVE-2013-1849
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1849
[ 11 ] CVE-2013-1884
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1884
[ 12 ] CVE-2013-1968
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1968
[ 13 ] CVE-2013-2088
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2088
[ 14 ] CVE-2013-2112
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2112
[ 15 ] CVE-2013-4131
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4131
[ 16 ] CVE-2013-4277
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4277

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201309-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature