MGASA-2014-0104
- Source
- https://advisories.mageia.org/MGASA-2014-0104.html
- Import Source
- https://advisories.mageia.org/MGASA-2014-0104.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2014-0104
- Related
- Published
- 2014-02-27T21:58:42Z
- Modified
- 2014-02-27T21:58:14Z
- Summary
- Updated subversion packages fix CVE-2014-0032
- Details
-
Updated subversion packages fix security vulnerability:
The moddavsvn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via an OPTIONS request (CVE-2014-0032).
The package has been patched to correct this issue.
Additionally, the svnserve service was using the incorrect root directory for the repositories. This has also been corrected. The root directory is now defined in the /etc/sysconfig/svnserve file.
- References
-
- https://advisories.mageia.org/MGASA-2014-0104.html
- https://subversion.apache.org/security/CVE-2014-0032-advisory.txt
- https://mail-archives.apache.org/mod_mbox/subversion-dev/201402.mbox/%3C530633AC.2050507@apache.org%3E
- https://bugs.mageia.org/show_bug.cgi?id=12059
- https://bugs.mageia.org/show_bug.cgi?id=12768.mga3
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:3 / subversion
Package
- Name
- subversion
- Purl
- pkg:rpm/mageia/subversion?distro=mageia-3