U radu programskog paketa Subversion uočeni su sigurnosni propusti koji udaljenom napadaču omogućuju napad uskraćivanjem usluga (stvaranje beskonačne petlje i prevelika potrošnja memorije).
Paket:
Subversion 1.x
Operacijski sustavi:
SUSE Linux Enterprise Server (SLES) 10
Kritičnost:
4.8
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-0715, CVE-2011-1752, CVE-2011-1783
Izvorni ID preporuke:
SUSE-SU-2011:0692-1
Izvor:
SUSE
Problem:
Sigurnosni propusti se javljaju zbog pogreške u "mod_dav_svn" modulu za Apache HTTP poslužitelje.
Posljedica:
Sigurnosne ranjivosti udaljenom napadaču omogućuju DoS (eng. Denial of Service) napad.
Rješenje:
Rješenje problema sigurnosti je korištenje dostupnih programskih zakrpa.
SUSE Security Update: subversion
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:0692-1
Rating: important
References: #676949 #698205
Cross-References: CVE-2011-0715 CVE-2011-1752 CVE-2011-1783
Affected Products:
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
SLE SDK 10 SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
Subversion was updated to fix several security issues:
* CVE-2011-1752: The mod_dav_svn Apache HTTPD server
module can be crashed though when asked to deliver
baselined WebDAV resources.
* CVE-2011-1783: The mod_dav_svn Apache HTTPD server
module can trigger a loop which consumes all available
memory on the system.
* CVE-2011-0715: Remote attackers could crash an svn
server by causing a NULL deref
Security Issue references:
* CVE-2011-1752
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752
>
* CVE-2011-1783
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783
>
* CVE-2011-0715
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0715
>
Package List:
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
subversion-1.3.1-1.18.1
subversion-devel-1.3.1-1.18.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
cvs2svn-1.3.0-30.18.1
subversion-1.3.1-1.18.1
subversion-devel-1.3.1-1.18.1
subversion-python-1.3.1-1.18.1
subversion-server-1.3.1-1.18.1
subversion-tools-1.3.1-1.18.1
viewcvs-1.0.5-0.18.1
- SLE SDK 10 SP3 (i586 ia64 ppc s390x x86_64):
cvs2svn-1.3.0-30.18.1
subversion-1.3.1-1.18.1
subversion-devel-1.3.1-1.18.1
subversion-python-1.3.1-1.18.1
subversion-server-1.3.1-1.18.1
subversion-tools-1.3.1-1.18.1
viewcvs-1.0.5-0.18.1
References:
http://support.novell.com/security/cve/CVE-2011-0715.html
http://support.novell.com/security/cve/CVE-2011-1752.html
http://support.novell.com/security/cve/CVE-2011-1783.html
https://bugzilla.novell.com/676949
https://bugzilla.novell.com/698205
http://download.novell.com/patch/finder/?keywords=39703f93de4dd5819f6910aa7cad5e38
http://download.novell.com/patch/finder/?keywords=dc2a8d54fb644c1ef1dc261a23ba432e
--
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke