-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:173 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : subversion Date : June 13, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in subversion: If a filename which contains a newline character (ASCII 0x0a) is committed to a repository using the FSFS format, the resulting revision is corrupt. This can lead to disruption for users of the repository (CVE-2013-1968). Subversion's svnserve server process may exit when an incoming TCP connection is closed early in the connection process. This can lead to disruption for users of the server (CVE-2013-2112). This advisory provides the latest versions of subversion (1.6.23/1.7.10) which is not vulnerable to these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112 http://subversion.apache.org/security/CVE-2013-1968-advisory.txt http://subversion.apache.org/security/CVE-2013-2112-advisory.txt _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 131a0451a20a116151def1bb4240b102 mes5/i586/apache-mod_dav_svn-1.6.23-0.1mdvmes5.2.i586.rpm eee20686ffae03646f8c849e33f44360 mes5/i586/apache-mod_dontdothat-1.6.23-0.1mdvmes5.2.i586.rpm 8440bcd1e593f325728ea6bd0a21f80d mes5/i586/libsvn0-1.6.23-0.1mdvmes5.2.i586.rpm 607748fe61df7f35d52bc82ec03c9a67 mes5/i586/libsvnjavahl1-1.6.23-0.1mdvmes5.2.i586.rpm e6913bb295f8810d632dc699888a7e6a mes5/i586/perl-SVN-1.6.23-0.1mdvmes5.2.i586.rpm ee552c9ebb20a8384a25dae7bbbb0816 mes5/i586/python-svn-1.6.23-0.1mdvmes5.2.i586.rpm 05961e48fc20f5303e9d49f4d6f715e5 mes5/i586/ruby-svn-1.6.23-0.1mdvmes5.2.i586.rpm 54dcdd8dcb2f953c511abeb4a19173f6 mes5/i586/subversion-1.6.23-0.1mdvmes5.2.i586.rpm bfac1c0ea2758ce3e2b21ebfba53846e mes5/i586/subversion-devel-1.6.23-0.1mdvmes5.2.i586.rpm f8568714332798f5488eb3da460e6dd9 mes5/i586/subversion-doc-1.6.23-0.1mdvmes5.2.i586.rpm 8ea846e80917df50536fece8bd792cea mes5/i586/subversion-server-1.6.23-0.1mdvmes5.2.i586.rpm 5f934c5019a060f3a55529e5dafd331e mes5/i586/subversion-tools-1.6.23-0.1mdvmes5.2.i586.rpm 0c6f70281c91a449cc2a84c1d555f72f mes5/i586/svn-javahl-1.6.23-0.1mdvmes5.2.i586.rpm 555d17a58efeced4a57efb33eadc39be mes5/SRPMS/subversion-1.6.23-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 50c81e373fe650024014f4308546ac17 mes5/x86_64/apache-mod_dav_svn-1.6.23-0.1mdvmes5.2.x86_64.rpm 729b85dff018808ed9ebd5a09cb46dab mes5/x86_64/apache-mod_dontdothat-1.6.23-0.1mdvmes5.2.x86_64.rpm 618a89de1ff48514b7d153b4375d5a0e mes5/x86_64/lib64svn0-1.6.23-0.1mdvmes5.2.x86_64.rpm 6755bee85225a0c029fd505e31f99e6f mes5/x86_64/lib64svnjavahl1-1.6.23-0.1mdvmes5.2.x86_64.rpm 4ded75c4e650788b18a937dac27548e1 mes5/x86_64/perl-SVN-1.6.23-0.1mdvmes5.2.x86_64.rpm 2c639f9f42c15ac323d46c2c26ceb5bd mes5/x86_64/python-svn-1.6.23-0.1mdvmes5.2.x86_64.rpm beb83feaf1a7a6ca8120aa86279329ab mes5/x86_64/ruby-svn-1.6.23-0.1mdvmes5.2.x86_64.rpm 79e5c84f4f9200b7b708f87969e4e913 mes5/x86_64/subversion-1.6.23-0.1mdvmes5.2.x86_64.rpm b070d1842ddae3c4b227d9396c3d48f2 mes5/x86_64/subversion-devel-1.6.23-0.1mdvmes5.2.x86_64.rpm 13ea5d25cce79b78555127c1639f0248 mes5/x86_64/subversion-doc-1.6.23-0.1mdvmes5.2.x86_64.rpm 9c08924dca5a913f562afc0b17d6e7b5 mes5/x86_64/subversion-server-1.6.23-0.1mdvmes5.2.x86_64.rpm e6df2ebf5391278cb05e633d118d7a46 mes5/x86_64/subversion-tools-1.6.23-0.1mdvmes5.2.x86_64.rpm 352235f62cb3a585b397b67f8f8687db mes5/x86_64/svn-javahl-1.6.23-0.1mdvmes5.2.x86_64.rpm 555d17a58efeced4a57efb33eadc39be mes5/SRPMS/subversion-1.6.23-0.1mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 96ce805f5926a86cfb9928ee4878adbc mbs1/x86_64/apache-mod_dav_svn-1.7.10-0.1.mbs1.x86_64.rpm e01f199c914dd3d686c0875d24456945 mbs1/x86_64/lib64svn0-1.7.10-0.1.mbs1.x86_64.rpm 6cf641e169e452b6d650f3c40858fe5c mbs1/x86_64/lib64svn-gnome-keyring0-1.7.10-0.1.mbs1.x86_64.rpm 772edd952aafd1965ebb4409c9d51cf6 mbs1/x86_64/lib64svnjavahl1-1.7.10-0.1.mbs1.x86_64.rpm fdad77e3c7d89a1935cb90dd08c74d72 mbs1/x86_64/perl-SVN-1.7.10-0.1.mbs1.x86_64.rpm 5b4eafd8291c21f1b12f059566b846db mbs1/x86_64/perl-svn-devel-1.7.10-0.1.mbs1.x86_64.rpm 50f81c1a757ca4b1d2aeccce3eb2dca8 mbs1/x86_64/python-svn-1.7.10-0.1.mbs1.x86_64.rpm 200676fbcb36e143ec01a3f6fccb3513 mbs1/x86_64/python-svn-devel-1.7.10-0.1.mbs1.x86_64.rpm 15004b7db070ded3caff2695df6d666b mbs1/x86_64/ruby-svn-1.7.10-0.1.mbs1.x86_64.rpm dbd1df365ccbdd54f257bd507d662dc9 mbs1/x86_64/ruby-svn-devel-1.7.10-0.1.mbs1.x86_64.rpm 4218a85705e07010c6c5225c031264a0 mbs1/x86_64/subversion-1.7.10-0.1.mbs1.x86_64.rpm 94bbd1b84ec6cd0919c347e04167a1be mbs1/x86_64/subversion-devel-1.7.10-0.1.mbs1.x86_64.rpm 1f398aca282bf1c5b38a31a6efdead37 mbs1/x86_64/subversion-doc-1.7.10-0.1.mbs1.x86_64.rpm 53a64a1f5f948d9e4be6d39a1c0ec05f mbs1/x86_64/subversion-gnome-keyring-devel-1.7.10-0.1.mbs1.x86_64.rpm b6cb7b09aa94fef2b6ff04a0dad3aa56 mbs1/x86_64/subversion-server-1.7.10-0.1.mbs1.x86_64.rpm 27b5bb16fe21cd0585758c4b78751dc0 mbs1/x86_64/subversion-tools-1.7.10-0.1.mbs1.x86_64.rpm f6b44cd8103689e5456148d20671e630 mbs1/x86_64/svn-javahl-1.7.10-0.1.mbs1.x86_64.rpm f243a17e3e149d4c961945bbeb4d880b mbs1/SRPMS/subversion-1.7.10-0.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRudxBmqjQ0CJFipgRAhIaAKCN6Uww0VzElJ1TquZYXirDMBz9jwCeOHuV ytl2RR3dbAHeFdfgq0wq5S0= =pR4b -----END PGP SIGNATURE-----