Novell Home

CVE-2014-0032

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-0032 at MITRE

Description

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 862459

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Studio Onsite 1.3
  • subversion >= 1.6.17-1.27.2
Builds
SAT Patch Nr: 9070
SLE 11 SP3 DEBUGINFO
  • subversion-debuginfo >= 1.6.17-1.27.2
  • subversion-debugsource >= 1.6.17-1.27.2
Builds
SAT Patch Nr: 9080
SUSE Linux Enterprise Software Development Kit 11 SP3
  • subversion >= 1.6.17-1.27.2
  • subversion-devel >= 1.6.17-1.27.2
  • subversion-perl >= 1.6.17-1.27.2
  • subversion-python >= 1.6.17-1.27.2
  • subversion-server >= 1.6.17-1.27.2
  • subversion-tools >= 1.6.17-1.27.2
Builds
SAT Patch Nr: 9080

© 2014 Novell