Scientific Linux Security Update : subversion on SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

A server-side memory leak was found in the Subversion server. If a
malicious, remote user performed 'svn blame' or 'svn log' operations
on certain repository files, it could cause the Subversion server to
consume a large amount of system memory. (CVE-2010-4644)

A NULL pointer dereference flaw was found in the way the mod_dav_svn
module (for use with the Apache HTTP Server) processed certain
requests. If a malicious, remote user issued a certain type of request
to display a collection of Subversion repositories on a host that has
the SVNListParentPath directive enabled, it could cause the httpd
process serving the request to crash. Note that SVNListParentPath is
not enabled by default. (CVE-2010-4539)

After installing the updated packages, the Subversion server must be
restarted for the update to take effect: restart httpd if you are
using mod_dav_svn, or restart svnserve if it is used.

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60954 ()

Bugtraq ID:

CVE ID: CVE-2010-4539

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now