Bug 1062042 - (CVE-2014-0032) CVE-2014-0032 subversion: mod_dav_svn crash when handling certain requests with SVNListParentPath on
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20140110,repor...
: Security
Depends On: 1063203 1063204 1064216 1064218 1064221 1064222
Blocks: 1062046
Reported: 2014-02-06 00:13 EST by Murray McAllister
Modified: 2015-11-24 10:43 EST
Fixed In Version: subversion 1.7.15, subversion 1.8.6
Doc Type: Bug Fix
Last Closed: 2014-10-21 05:12:54 EDT
External Trackers
Tracker ID Priority Status Summary Last Updated
Novell 862459 None None None Never

Description Murray McAllister 2014-02-06 00:13:38 EST
A mod_dav_svn crash was reported when SVNListParentPath is on:

http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3CCANvU9scLHr2yOLABW8q6_wNzhEf7pWM=NiavGcobqvUuyhKyAA@mail.gmail.com%3E

Certain requests could cause mod_dav_svn to crash.

This has been corrected in version 1.7.15:

https://svn.apache.org/repos/asf/subversion/branches/1.7.x/CHANGES

Upstream fix for CVE-2014-0032:

http://svn.apache.org/viewvc?view=revision&revision=r1557320
Comment 2 Huzaifa S. Sidhpurwala 2014-02-10 04:33:46 EST
This issue affects the version of subversion as shipped with Red Hat Enterprise Linux 5 and 6.
Comment 4 Huzaifa S. Sidhpurwala 2014-02-10 04:35:00 EST
Created subversion tracking bugs for this issue:

Affects: fedora-all [bug 1063204]
Comment 12 Vincent Danen 2014-02-20 13:23:15 EST
External References:

http://subversion.apache.org/security/CVE-2014-0032-advisory.txt
Comment 19 Fedora Update System 2014-03-15 11:17:26 EDT
subversion-1.8.8-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 20 Fedora Update System 2014-03-15 11:19:23 EDT
subversion-1.7.16-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 21 Tomas Hoger 2014-10-21 05:12:54 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2014:0255 https://rhn.redhat.com/errata/RHSA-2014-0255.html
