Oracle Linux 5 / 6 : subversion (ELSA-2014-0255)

High Nessus Plugin ID 72852


The remote Oracle Linux host is missing one or more security updates.


From Red Hat Security Advisory 2014:0255 :

Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.

A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. (CVE-2014-0032)

A flaw was found in the way Subversion handled file names with newline characters when the FSFS repository format was used. An attacker with commit access to an SVN repository could corrupt a revision by committing a specially crafted file. (CVE-2013-1968)

A flaw was found in the way the svnserve tool of Subversion handled remote client network connections. An attacker with read access to an SVN repository served via svnserve could use this flaw to cause the svnserve daemon to exit, leading to a denial of service.

All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.


Update the affected subversion packages.

See Also

Plugin Details

Severity: High

ID: 72852

File Name: oraclelinux_ELSA-2014-0255.nasl

Version: $Revision: 1.6 $

Type: local

Agent: unix

Published: 2014/03/06

Modified: 2016/05/06

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:mod_dav_svn, p-cpe:/a:oracle:linux:subversion, p-cpe:/a:oracle:linux:subversion-devel, p-cpe:/a:oracle:linux:subversion-gnome, p-cpe:/a:oracle:linux:subversion-javahl, p-cpe:/a:oracle:linux:subversion-kde, p-cpe:/a:oracle:linux:subversion-perl, p-cpe:/a:oracle:linux:subversion-ruby, p-cpe:/a:oracle:linux:subversion-svn2cl, cpe:/o:oracle:linux:5, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/03/06

Reference Information

CVE: CVE-2013-1968, CVE-2013-2112, CVE-2014-0032

BID: 60264, 60267, 65434

OSVDB: 102927

RHSA: 2014:0255