A security flaw was found in the way the FSFS repository format functionality of Subversion, a concurrent version control system, processed filenames containing a newline (ASCII 0x0a) character sequence. A remote attacker (via a malicious client) could commit a revision for the FSFS repository, containing specially-crafted content that in subsequent requests could lead to disruption of the service of that repository for other users.

References:
[1] http://subversion.apache.org/security/CVE-2013-1968-advisory.txt

Announcements:
[2] http://mail-archives.apache.org/mod_mbox/subversion-dev/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8+xbHA5tocrrewWew@mail.gmail.com%3E (1.6.23)
[3] http://mail-archives.apache.org/mod_mbox/subversion-dev/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw@mail.gmail.com%3E (1.7.10)
This issue affects the versions of the subversion package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the subversion package, as shipped with Fedora releases 17 and 18. Please schedule an update.
Created subversion tracking bugs for this issue.

Affects: fedora-all [bug 970042]
Upstream ticket: http://subversion.tigris.org/issues/show_bug.cgi?id=4340
Statement:

This issue affects the version of subversion as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
subversion-1.7.11-1.fc18.1 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:

Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6

Via RHSA-2014:0255 https://rhn.redhat.com/errata/RHSA-2014-0255.html