Bug 1000192 (CVE-2013-4246)

Summary: CVE-2013-4246 subversion: FSFS repository corruption due to editing packed revision properties
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: subversion 1.8.2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-08-22 22:11:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1000203    
Attachments:
Description Flags
upstream patch to fix CVE-2013-4246 none

Description Vincent Danen 2013-08-22 22:08:01 UTC 
A flaw was reported in how the Subversion FSFS repository handled the packing of revision properties.  When one or more revision properties of a packed revision are set to new, larger values, a "pack file" in the repository might get split.  While this is happening, it is possible that the wrong pack file gets deleted, which can lead to data loss of revision property data.

This issue only affects FSFS repositories in Subversion 1.8.0 and 1.8.1.  It does not affect BDB repositories or earlier versions of Subversion.


Acknowledgements:

Red Hat would like to thank Ben Reser of the Apache Subversion project for reporting this issue. Upstream acknowledges Ivan Zhakov from VisualSVN as the original issue reporter.


Statement:

Not vulnerable.  This issue did not affect the versions of subversion as shipped with Red Hat Enterprise Linux 5 or 6, as they did not ship the vulnerable versions of subversion.
Comment 1 Vincent Danen 2013-08-22 22:09:47 UTC 
This issue is embargoed until 29 August 2013 17:00 UTC.
Comment 2 Vincent Danen 2013-08-22 22:10:36 UTC 
Created attachment 789383 [details]
upstream patch to fix CVE-2013-4246
Comment 3 Vincent Danen 2013-08-30 16:29:52 UTC 
External References:

http://subversion.apache.org/security/CVE-2013-4246-advisory.txt