Oval Definition: oval:org.mitre.oval:def:27062
Revision Date: 2014-12-08
Version: 9
Title: RHSA-2014:0255 -- subversion security update (Moderate)
Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.

A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. (CVE-2014-0032)

A flaw was found in the way Subversion handled file names with newline characters when the FSFS repository format was used. An attacker with commit access to an SVN repository could corrupt a revision by committing a specially crafted file. (CVE-2013-1968)

A flaw was found in the way the svnserve tool of Subversion handled remote client network connections. An attacker with read access to an SVN repository served via svnserve could use this flaw to cause the svnserve daemon to exit, leading to a denial of service. (CVE-2013-2112)

All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CESA-2014:0255
CVE-2013-1968
CVE-2013-2112
CVE-2014-0032
RHSA-2014:0255
Platform(s): CentOS Linux 5
CentOS Linux 6
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): subversion
Definition Synopsis
  • Red Hat Enterprise Linux 5 and CentOS Linux 5 release section
    • Operation system section
      • The operating system installed on the system is Red Hat Enterprise Linux 5
      • OR The operating system installed on the system is CentOS Linux 5.x
    • AND Packages match section
      • mod_dav_svn is earlier than 0:1.6.11-12.el5_10
      • OR subversion is earlier than 0:1.6.11-12.el5_10
      • OR subversion-devel is earlier than 0:1.6.11-12.el5_10
      • OR subversion-javahl is earlier than 0:1.6.11-12.el5_10
      • OR subversion-perl is earlier than 0:1.6.11-12.el5_10
      • OR subversion-ruby is earlier than 0:1.6.11-12.el5_10
  • Red Hat Enterprise Linux 5 release section
    • The operating system installed on the system is Red Hat Enterprise Linux 5
    • AND subversion-debuginfo is earlier than 0:1.6.11-12.el5_10
  • Red Hat Enterprise Linux 6 and CentOS Linux 6 release section
    • Operation system section
      • The operating system installed on the system is Red Hat Enterprise Linux 6
      • OR The operating system installed on the system is CentOS Linux 6.x
    • AND Packages match section
      • mod_dav_svn is earlier than 0:1.6.11-10.el6_5
      • OR subversion is earlier than 0:1.6.11-10.el6_5
      • OR subversion-devel is earlier than 0:1.6.11-10.el6_5
      • OR subversion-gnome is earlier than 0:1.6.11-10.el6_5
      • OR subversion-javahl is earlier than 0:1.6.11-10.el6_5
      • OR subversion-kde is earlier than 0:1.6.11-10.el6_5
      • OR subversion-perl is earlier than 0:1.6.11-10.el6_5
      • OR subversion-ruby is earlier than 0:1.6.11-10.el6_5
      • OR subversion-svn2cl is earlier than 0:1.6.11-10.el6_5
  • Red Hat Enterprise Linux 6 release section
    • The operating system installed on the system is Red Hat Enterprise Linux 6
    • AND subversion-debuginfo is earlier than 0:1.6.11-10.el6_5