From https://secunia.com/advisories/53692/ :

Description
Two vulnerabilities have been reported in Apache Subversion, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).
1) An error within the svnserve server does not properly handle aborted connection messages and can be exploited to stop the service.
2) An error within FSFS repositories does not properly handle filenames and can be exploited to corrupt the repository and render it unusable.
The vulnerabilities are reported in versions 1.7.9 and prior and versions 1.6.21 and prior.

Solution
Update to version 1.7.10 or 1.6.23.

Provided and/or discovered by
1) The vendor credits Boris Lytochkin, Yandex
2) The vendor credits Stefan Sperling, elego Software Solutions

Original Advisory
http://subversion.apache.org/security/CVE-2013-2112-advisory.txt
http://subversion.apache.org/security/CVE-2013-1968-advisory.txt
From https://secunia.com/advisories/53727/ :

Description
A vulnerability has been reported in Apache Subversion, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to an input validation error in the svn-keyword-check.pl hook script while processing filenames and can be exploited to inject and execute arbitrary shell commands via a specially crafted request.
Successful exploitation requires that contrib scripts are used on the server.
The vulnerability is reported in versions 1.6.22 and prior and versions 1.7.10 and prior.

Solution
Apply fixes. Further details available to Secunia VIM customers.

Provided and/or discovered by
The vendor credits Daniel Shahaf, elego Software Solutions

Original Advisory
http://subversion.apache.org/security/CVE-2013-2088-advisory.txt

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
B3 for the first set, C2 for the second one. Need a version bump to 1.7.10/1.6.22 and to apply the patch in [1]. The second comment's vulnerability is fixed in 1.7.11/1.6.23, but those are not released yet.

[1] http://svn.apache.org/viewvc?view=revision&revision=1485487

Red Hat bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=970027
https://bugzilla.redhat.com/show_bug.cgi?id=970014
https://bugzilla.redhat.com/show_bug.cgi?id=970037
Also: http://subversion.apache.org/security/CVE-2013-4131-advisory.txt

1.7.11 and 1.8.1 have been released.
1.7.11 in tree, no 1.6 update, as we don't have that series in tree.
Adding arches. Please stabilize:
=dev-vcs/subversion-1.7.11
target keywords: alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris
amd64 stable
x86 stable
Stable for HPPA.
alpha stable
arm stable
ia64 stable
ppc64 stable
ppc stable
s390 stable
sh stable
sparc stable
subversion-1.7.11.ebuild has a digest verification problem:

Calculating dependencies -
 * Digest verification failed:
 *    /usr/portage/dev-vcs/subversion/subversion-1.7.11.ebuild
 * Reason: Filesize does not match recorded size
 * Got: 14633
 * Expected: 14632
Manifest issue has been fixed in the meantime, all stable arches done, affected older versions removed
CVE-2013-2112 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2112):
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.

CVE-2013-2088 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2088):
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.

CVE-2013-1968 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1968):
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
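Added example (not code from this bug, from Secunia, or from Subversion's own contrib hook scripts): a pre-commit style filename check in Python for the two filename-driven issues in the NVD entries above, CVE-2013-1968 (newline in a path corrupts an FSFS repository) and CVE-2013-2088 (shell metacharacters in a path reach a shell through svn-keyword-check.pl). It also reproduces the unsafe pattern behind CVE-2013-2088 next to its safe form. The "svnlook changed" output is constructed inline so the block runs without a repository; the metacharacter policy, the path names, and the use of printf as a stand-in for the svnlook call are assumptions of the example.

```python
"""Added example, not part of this bug report or of Subversion's hook scripts:
a pre-commit style filename check for CVE-2013-1968 (newline in a path
corrupts an FSFS repository) and CVE-2013-2088 (shell metacharacters in a
path reach a shell through contrib/hook-scripts/svn-keyword-check.pl).
The "svnlook changed" output below is constructed by hand so that the block
runs without a repository.
"""
import re
import shlex
import subprocess

# "svnlook changed" prints a two-character status (A, D, U or _ in column
# one, U or blank in column two), two spaces, then the path.  A line that
# does not match cannot be a valid entry; when a path contains a newline,
# the tail of that path shows up as exactly such a line.
STATUS_RE = re.compile(r"^[ADU_][U ]  (.+)$")

# Policy choices for this example (assumptions, not Subversion's own rules):
# control characters are refused outright, and so are the shell
# metacharacters that would let a path alter a shell command line.
CONTROL_CHARS = {chr(c) for c in range(0x20)} | {"\x7f"}
SHELL_METACHARS = set(";|&$`\\\"'<>(){}!#*?")


def path_problems(path):
    """Return the reasons (possibly none) this repository path should be refused."""
    problems = []
    if any(c in CONTROL_CHARS for c in path):
        problems.append("control character (newline/CR/etc.)")
    bad = sorted(set(path) & SHELL_METACHARS)
    if bad:
        problems.append("shell metacharacters " + "".join(bad))
    return problems


def check_transaction(changed_output):
    """Scan "svnlook changed" output; return rejection reasons (empty = accept)."""
    reasons = []
    for line in changed_output.splitlines():
        if not line.strip():
            continue
        m = STATUS_RE.match(line)
        if not m:
            # Line-oriented output cannot carry a newline inside a path, so an
            # unparseable line is the only signal the hook gets: reject.
            reasons.append("unparseable svnlook line (embedded newline?): %r" % line)
            continue
        for problem in path_problems(m.group(1)):
            reasons.append("%s: %s" % (m.group(1), problem))
    return reasons


def svnlook_cat_argv(repo, txn, path):
    """Safe form: hand the path to svnlook as one argv element, never as part of
    a shell string.  No shell parses it, so metacharacters are inert."""
    return ["svnlook", "cat", "-t", txn, repo, path]


def run_via_shell(path, quote):
    """Unsafe pattern behind CVE-2013-2088: a path interpolated into a shell
    command line.  printf stands in for the svnlook call a hook would make so
    the demonstration runs offline; with quote=True the path is escaped first."""
    arg = shlex.quote(path) if quote else path
    cmd = "printf '%s\\n' " + arg
    return subprocess.run(["sh", "-c", cmd], capture_output=True, text=True).stdout


# Constructed "svnlook changed" output: two ordinary entries, one path
# carrying a ';', and one path ("trunk/split\nline.txt") whose embedded
# newline splits it across two lines of output.
SAMPLE_CHANGED = (
    "A   trunk/src/main.c\n"
    "U   trunk/README.txt\n"
    "A   trunk/docs/notes; touch pwned\n"
    "A   trunk/split\n"
    "line.txt\n"
)

if __name__ == "__main__":
    for reason in check_transaction(SAMPLE_CHANGED):
        print("reject:", reason)
    crafted = "README.txt; echo INJECTED"
    print("unquoted:", run_via_shell(crafted, quote=False).splitlines())
    print("quoted:  ", run_via_shell(crafted, quote=True).splitlines())
    print("argv:    ", svnlook_cat_argv("/var/svn/repo", "123-4", crafted))
```

The hook check is defense in depth only: the fix for CVE-2013-1968 is the version bump, since the FSFS corruption happens inside the server regardless of what a hook does, and a path with an embedded newline can only be detected here indirectly, as a line of svnlook output that does not parse. For CVE-2013-2088 the argv form is the actual fix; quoting with shlex.quote is the fallback when a shell cannot be avoided.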
CVE-2013-4131 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4131): The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
This issue was resolved and addressed in GLSA 201309-11 at http://security.gentoo.org/glsa/glsa-201309-11.xml by GLSA coordinator Sean Amoss (ackle).