Scientific Linux Security Update : subversion on SL6.x i386/x86_64

Medium Nessus Plugin ID 85503


The remote Scientific Linux host is missing one or more security updates.


An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash.

It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property.

It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved).

For the update to take effect after installing the updated packages, you must restart the httpd daemon if you are using mod_dav_svn, and the svnserve daemon if you are serving Subversion repositories via the svn:// protocol.


Update the affected packages.

Plugin Details

Severity: Medium

ID: 85503

File Name: sl_20150817_subversion_on_SL6_x.nasl

Version: $Revision: 2.1 $

Type: local

Agent: unix

Published: 2015/08/18

Modified: 2015/08/18

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2015/08/17

Reference Information

CVE: CVE-2015-0248, CVE-2015-0251, CVE-2015-3187