Bug 1062042 (CVE-2014-0032) - CVE-2014-0032 subversion: mod_dav_svn crash when handling certain requests with SVNListParentPath on
Summary: CVE-2014-0032 subversion: mod_dav_svn crash when handling certain requests wi...
Status: CLOSED ERRATA
Alias: CVE-2014-0032
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20140110,repor...
Keywords: Security
Depends On: 1063203 1063204 1064216 1064218 1064221 1064222
Blocks: 1062046
TreeView+ depends on / blocked
 
Reported: 2014-02-06 05:13 UTC by Murray McAllister
Modified: 2018-12-06 15:49 UTC (History)
7 users (show)

Fixed In Version: subversion 1.7.15, subversion 1.8.6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-10-21 09:12:54 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:0255 normal SHIPPED_LIVE Moderate: subversion security update 2014-03-06 00:00:14 UTC
Novell 862459 None None None Never

Description Murray McAllister 2014-02-06 05:13:38 UTC
A mod_dav_svn crash was reported when SVNListParentPath is on:

http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3CCANvU9scLHr2yOLABW8q6_wNzhEf7pWM=NiavGcobqvUuyhKyAA@mail.gmail.com%3E

Certain requests could cause mod_dav_svn to crash.

This has been corrected in version 1.7.15:

https://svn.apache.org/repos/asf/subversion/branches/1.7.x/CHANGES

Upstream fix for CVE-2014-0032:

http://svn.apache.org/viewvc?view=revision&revision=r1557320

Comment 2 Huzaifa S. Sidhpurwala 2014-02-10 09:33:46 UTC
This issue affects the version of subversion as shipped with Red Hat Enterprise Linux 5 and 6.

Comment 4 Huzaifa S. Sidhpurwala 2014-02-10 09:35:00 UTC
Created subversion tracking bugs for this issue:

Affects: fedora-all [bug 1063204]

Comment 12 Vincent Danen 2014-02-20 18:23:15 UTC
External References:

http://subversion.apache.org/security/CVE-2014-0032-advisory.txt

Comment 19 Fedora Update System 2014-03-15 15:17:26 UTC
subversion-1.8.8-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 20 Fedora Update System 2014-03-15 15:19:23 UTC
subversion-1.7.16-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 21 Tomas Hoger 2014-10-21 09:12:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2014:0255 https://rhn.redhat.com/errata/RHSA-2014-0255.html


Note You need to log in before you can comment on or make changes to this bug.