Bug 1000192 - (CVE-2013-4246) CVE-2013-4246 subversion: FSFS repository corruption due to editing packed revision properties
CVE-2013-4246 subversion: FSFS repository corruption due to editing packed re...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20130830,repor...
: Security
Depends On:
Blocks: 1000203
  Show dependency treegraph
 
Reported: 2013-08-22 18:08 EDT by Vincent Danen
Modified: 2013-08-30 12:34 EDT (History)
1 user (show)

See Also:
Fixed In Version: subversion 1.8.2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-22 18:11:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
upstream patch to fix CVE-2013-4246 (2.56 KB, patch)
2013-08-22 18:10 EDT, Vincent Danen
no flags Details | Diff

  None (edit)
Description Vincent Danen 2013-08-22 18:08:01 EDT
A flaw was reported in how the Subversion FSFS repository handled the packing of revision properties.  When one or more revision properties of a packed revision are set to new, larger values, a "pack file" in the repository might get split.  While this is happening, it is possible that the wrong pack file gets deleted, which can lead to data loss of revision property data.

This issue only affects FSFS repositories in Subversion 1.8.0 and 1.8.1.  It does not affect BDB repositories or earlier versions of Subversion.


Acknowledgements:

Red Hat would like to thank Ben Reser of the Apache Subversion project for reporting this issue. Upstream acknowledges Ivan Zhakov from VisualSVN as the original issue reporter.


Statement:

Not vulnerable.  This issue did not affect the versions of subversion as shipped with Red Hat Enterprise Linux 5 or 6, as they did not ship the vulnerable versions of subversion.
Comment 1 Vincent Danen 2013-08-22 18:09:47 EDT
This issue is embargoed until 29 August 2013 17:00 UTC.
Comment 2 Vincent Danen 2013-08-22 18:10:36 EDT
Created attachment 789383 [details]
upstream patch to fix CVE-2013-4246
Comment 3 Vincent Danen 2013-08-30 12:29:52 EDT
External References:

http://subversion.apache.org/security/CVE-2013-4246-advisory.txt

Note You need to log in before you can comment on or make changes to this bug.