A null-pointer-dereference has been found in mod_authz_svn that results in
a remote unauthenticated Denial-of-Service in some server configurations.
The vulnerability can be triggered by an unauthenticated user if the
Apache HTTPD server is configured to use an in-repository authz file,
with configuration directives such as:
The problem originates when sending a GET request to a non-existent
repository. The mod_authz_svn module will attempt to find authz rules
at a path within the requested SVN repository. Upon constructing this
path, the function svn_repos_find_root_path will return a NULL pointer
since the requested repository does not exist on-disk.
A check for this legitimate NULL pointer condition is missing, which
results in a segmentation fault when the NULL pointer is used.
The in-repository authz feature was first introduced in Subversion 1.8:
The missing NULL check was first introduced during refactoring of the
authz code during development work leading up to Subversion 1.9.
Subversion 1.8 servers are unaffected.
Fixed in 1.14.1. Please bump
Please proceed with stabilization when ready.
Hitting bug 740464 on ppc.
all arches done
No glsa here.