An infinite loop was found in the way mod_dav_svn module of the subversion concurrent version control system processed certain data sets, when SVNPathAuthz configuration directive with value of 'short_circuit' was used. A remote attacker could use this flaw to cause the httpd child process to consume excessive amount of system memory. Acknowledgements: Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Ivan Zhakov of VisualSVN as the original reporter.
This issue did NOT affect the version of the subversion package, as shipped with Red Hat Enterprise Linux 4. -- This issue affects the versions of the subversion package, as shipped with Red Hat Enterprise Linux 5 and 6. -- This issue affects the versions of the subversion package, as shipped with Fedora release of 13, 14, and 15.
Public via: http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
Created subversion tracking bugs for this issue Affects: fedora-all [bug 709952]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2011:0862 https://rhn.redhat.com/errata/RHSA-2011-0862.html