Mandriva Linux Security Advisory : subversion (MDVSA-2011:067)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A vulnerability was discovered and corrected in subversion :

The mod_dav_svn module for the Apache HTTP Server, as distributed in
Apache Subversion before 1.6.16, allows remote attackers to cause a
denial of service (NULL pointer dereference and daemon crash) via a
request that contains a lock token (CVE-2011-0715).

Additionally, for Corporate Server 4 and Enterprise Server 5, subversion
has been upgraded to the 1.6.16 version because of numerous upstream
fixes and new features; the serf packages have also been upgraded to
the now-required 0.3.0 version.

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to the 1.6.16 version which is
not vulnerable to this issue.

See also :

http://svn.apache.org/repos/asf/subversion/tags/1.6.16/CHANGES

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 53309

Bugtraq ID: 46734

CVE ID: CVE-2011-0715
