Multiple vulnerabilities in mod_dav_svn < 1.7.9 allows remote denial of service
Subversion's mod_dav_svn Apache HTTPD server module will use
excessive
amounts of memory when a large number of properties are set or deleted
on a node. This can lead to a DoS. There are no known instances of
this problem being observed in the wild (CVE-2013-1845).
Subversion's mod_dav_svn Apache HTTPD server module will crash when
a LOCK request is made against activity URLs. This can lead to a
DoS. There are no known instances of this problem being observed in
the wild (CVE-2013-1846).
Subversion's mod_dav_svn Apache HTTPD server module will crash in
some circumstances when a LOCK request is made against a non-existent
URL. This can lead to a DoS. There are no known instances of this
problem being observed in the wild (CVE-2013-1847).
Subversion's mod_dav_svn Apache HTTPD server module will crash when
a PROPFIND request is made against activity URLs. This can lead to a
DoS. There are no known instances of this problem being observed in
the wild, but the details of how to exploit it have been disclosed
on the full disclosure mailing list (CVE-2013-1849).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1849
http://subversion.apache.org/security/CVE-2013-1845-advisory.txt
http://subversion.apache.org/security/CVE-2013-1846-advisory.txt
http://subversion.apache.org/security/CVE-2013-1847-advisory.txt
http://subversion.apache.org/security/CVE-2013-1849-advisory.txt
(from redmine: issue id 1822, created on 2013-04-30, closed on 2013-05-13)
- Changesets:
- Revision 13250c3c by Natanael Copa on 2013-05-03T13:18:12Z:
main/subversion: security upgrade to 1.7.9 (CVE-2013-1845,CVE-2013-1846,CVE-2013-1847,CVE-2013-1849)
fixes #1822