FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Subversion -- multiple vulnerabilities

Affected packages
subversion < 1.6.17
subversion-freebsd < 1.6.17

Details

VuXML ID: e27a1af3-8d21-11e0-a45d-001e8c75030d
Discovery: 2011-05-28
Entry: 2011-06-02

The Subversion team reports:

Subversion's mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources.

This can lead to a DoS. An exploit has been tested, and tools or users have been observed triggering this problem in the wild.

Subversion's mod_dav_svn Apache HTTPD server module may in certain scenarios enter a logic loop which does not exit and which allocates memory in each iteration, ultimately exhausting all the available memory on the server.

This can lead to a DoS. There are no known instances of this problem being observed in the wild, but an exploit has been tested.

Subversion's mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users.

There are no known instances of this problem being observed in the wild, but an exploit has been tested.

References

CVE Name: CVE-2011-1752
CVE Name: CVE-2011-1783
CVE Name: CVE-2011-1921